![]() Uber employees received a message from an unknown person. In the information economy, sorting through internal discussions in an organization can be a laborious task, particularly when discussions are conducted through long chains of emails. Uber Technologies said late Thursday it was responding to a cybersecurity incident after a hacker sent company employees messages on Slack. The goal of the cloud-based team collaboration tool Slack is to simplify internal communication in order to increase efficiency. This guide to Slack is both an easily digestible introduction to the service, as well as a “living” guide that will be updated periodically to keep IT leaders in the loop on new features, integrations, competitors, and ways in which this technology can be leveraged. When did Slack launch? Slack launched in August 2013.Who does Slack affect? Practically any group can use Slack, and the free tier has no limit to the number of users that can be added to a group.Why does Slack matter? Slack attempts to increase productivity by simplifying communication.What is Slack? Slack is a cloud-based instant messaging tool that is intended to be the center of workplace collaboration, and to integrate with other products your organization uses.SEE: All of TechRepublic’s cheat sheets and smart person’s guides Executive summary This article is also available as a download, Slack: A cheat sheet (free PDF). How do I get Slack? You can create your own Slack team for free.Developers continue to improve the service by releasing new features. ![]() SEE: Essential reading for IT leaders: 10 books on cloud computing (free PDF) (TechRepublic) What is Slack? Paid tiers are available with additional features, and education and nonprofit organizations are eligible for discounts. Slack is a cloud-based collaboration tool that aims to be the central platform through which teams communicate. ![]() In the most simplistic view, Slack is an email replacement, though it operates more like group messaging or Internet Relay Chat (IRC)–foregoing the formalities of composing emails, and having various channels to which team members can be assigned, rather than the comparatively complex task of managing mailing lists. Additionally, private channels can be used to restrict conversations to pre-approved team members, while public channels are available for team members to join as desired, like IRC. In contrast to other vendors and established competitors that have a tendency toward vertical integration of features, Slack can integrate with a wide variety of third-party services. SEE: Software usage policy (TechRepublic Premium) Among these are developer tools such as Bitbucket, GitHub, and IFTTT file storage services such as Google Drive, Box, and Dropbox project management tools such as JIRA and Zendesk and social media platforms such as Twitter and Foursquare. Slack can run in practically any modern browser. Desktop applications are available for Windows, Mac OS, and Linux. Mobile apps are available on Android and iOS. Slack launches Platform: What Slack users and developers need to know (TechRepublic).In July 2019, Slack launched a complete rewrite of the Desktop and Web clients to improve start-up times and address memory leaks. ![]() This first payload scanned for the presence of certain antivirus programs before deciding whether to download and install a new backdoor program that Trend Micro has dubbed SLUB (for Slack and GitHub, which the attackers use as a repository).The goal of Slack is to increase productivity by simplifying communication, while putting Slack in the middle of your communication workflow. In cases where the exploit ran successfully, it triggered a multi-stage infection chain that first involved downloading and executing a malicious DLL file via PowerShell. However, the flaw was patched by Microsoft in May 2018, so having an up-to-date operating system would have prevented the attack. That vulnerability is tracked as CVE-2018-8174 and can be exploited through Internet Explorer. It’s not clear if victims were directed to the website via an email campaign or if attackers just waited for regular visitors, but the site was modified to host an exploit for a remote code execution vulnerability in the Windows VBScript engine. The technique of infecting websites that are of interest to a particular group of individuals or organizations is known as a “watering hole” attack. The backdoor was detected by security firm Trend Micro in a targeted attack launched from the compromised website of an organization called the Korean American National Coordinating Council that posts articles related to North and South Korean politics. While abusing legitimate services for malware command-and-control purposes is not a new development, this is the first time researchers have seen Slack, a popular enterprise collaboration tool, being used in this way. A group of hackers is using a previously undocumented backdoor program designed to interact with attackers over Slack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |