XSLeak flaw in Slack could allow a malicious workspace member to launch de-anonymisation attacks

clock • 3 min read
XSLeak flaw in Slack could allow a malicious workspace member to launch de-anonymisation attacks
Image:

XSLeak flaw in Slack could allow a malicious workspace member to launch de-anonymisation attacks

Slack says users can prevent such attacks by ensuring that everyone in their workspace is 'trusted'

A security researcher claims to have uncovered a cross-site leak (XSLeak) flaw in the file-sharing feature of Slack's web application which could enable threat actors to identify users outside of the workforce...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

More on Security

What one thing should you do to secure your Kubernetes environment?

What one thing should you do to secure your Kubernetes environment?

Lack of resources is a massive blocker, so you'll need to prioritise

Tom Allen
clock 02 December 2021 • 2 min read
Law enforcement has stepped up its game to combat REvil over the past year

FBI seized Bitcoins worth $2.3 million from REvil affiliate

The cash comes from ransomware payouts to mitigate REvil attacks

clock 02 December 2021 • 3 min read
IKEAs email system under attack, report

IKEA's email system under attack, report

Reply-chain attacks allow hackers to send malicious emails from genuine accounts

John Leonard
clock 29 November 2021 • 2 min read