News

Slack users have been warned to take extra care when using the online collaboration service after researchers uncovered worrying security risks. According to an AT&T AlienLabs report, incoming 'webhooks', which are used to connect from third-party apps to post messages on Slack, can be hijacked to carry out phishing attacks. A compromised webhook not only allows unauthorized users to send messages to all the Slack channels, but it can also alter channel posting permissions. Source:...

In its Q1 2020 Top-Clicked Phishing Report, security firm KnowBe4 revealed that phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year. According to the firm, 45 percent of all phishing attacks asked Internet users to either check or type in their passwords on malicious domains that spoofed legitimate ones. The second most popular phishing attacks used COVID-19-related themes to create urgency and anxiety among recipients worldwide. The rest...

Researchers at AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, have discovered a vulnerability in popular work collaboration platform Slack. Slack is a popular cloud-based messaging platform that is commonly used in workplace communication, with Slack Incoming Webhooks allowing users to post messages from applications to Slack. By specifying a unique URL, the message body, and a destination channel, users can send a message to any webhook using the URL for any workspace....

The Australian Federal Police (AFP) has admitted to using a facial recognition tool, despite not having an appropriate legislative framework in place, to help counter child exploitation. In response to questions taken on notice by deputy commissioner Karl Kent, the AFP said while it did not adopt the facial recognition platform Clearview AI as an enterprise product and had not entered into any formal procurement arrangements with the company, it did use a trial version....

Microsoft has released its April 2020 Patch Tuesday security updates, its first big patch update released since the work-from-home era truly got underway. It’s a doozie, with the tech giant disclosing 113 vulnerabilities. Out of these, 19 are rated as critical, and 94 are rated as important. Crucially, four of the vulnerabilities are being exploited in the wild; and two of them were previously publicly disclosed. Source: Threatpost

  SCUF data breach has taken place, exposing 1.1 million customer records including some credit card data. The breach was discovered by Comparitech, a pro-consumer website that is comprised of more than 30 researchers covering a variety of topics. One of these topics, naturally, is data breaches and this most recent one involving SCUF looks a bit rough. Thankfully, it's certainly not as bad as it could have been. Source: Techraptor

  Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. If exploited, the flaws could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks. Each of the bugs were rated important-severity, based on CVSS rankings, marking an extremely low-volume month for Adobe bug fixes. Overall Adobe patched flaws tied to five CVEs as part of its regularly scheduled security updates, Tuesday. That number pales in...

San Francisco International Airport (SFO) has warned that a breach against two of its websites may have allowed attackers to harvest visiting users’ Windows login credentials. Malicious code was planted last month on two sites – SFOConnect.com and SFOConstruction.com – as the result of a cyber-attack by unidentified (or at least unnamed) assailants, the airport admitted late last week. “The attackers inserted malicious computer code on these websites to steal some users’ login credentials,” a...

The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan (RAT) laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at least September 2019; it offers remote-access capabilities and has a few spyware aspects, including the ability to exfiltrate data from the victimized devices and networks. Source: Threatpost