Slack, Chris Adkins, Researcher discussed on Security on The Bayou
And. Welcome to security on the by you. I'm your host Chris Adkins. And they're a recap of today's Security News and why it matters to you. Hello, friends. It is Monday may twentieth. Twenty nineteen in. Here's today's Security News, first off from the registered dot co dot UK. So foes tells users to rollback soft patch Tuesday run, if they want a PC, if they want their PC to boot this is written by Gareth core field. So, so foes, has released a statement that says, hey, if you're using our product and you wanna use your computer, you have to roll back, the Microsoft patches. That seems like a bad idea if you ask me, so not just like one path all of the patches the full patch Tuesday kit, they want you to roll back into top things off. When asked if they had a plan or what's going to how are they gonna update? What's going on? They said, so foes, is working diligently, undetermined issue. And we'll provide ongoing customer guidance not that we, we'll have an update for you and weak. Give us three days, just hey, we're working on it. So if this was any other regular patch Tuesday for Mike. Soft I wouldn't be too concerned with it. But this was a pretty big deal. Remember we talked about this that one of the abilities is warm -able just like you know, they used in wannacry wanna crypt, whatever you wanna call it. So it's a pretty big deal. And it affects all all the way down to windows, XP even released patches for windows, XP. So this isn't just some run of the mill I e remote cold vulnerability. This is this. A pretty big deal. So interesting, I hope so foes, fixes quickly. It's been a bad couple of weeks in general for e providers with everything that happened with McPhee and trend and semantic last week with their source code. And this was so foes toughens tough to be navy vendor right now. All right, next from threat post dotcom slack bug allows remote file, hijacking our injections. So a researcher from tenable David Wells, and I apologize to this articles written by terra seals a researcher from tenable named David Wells discovered a bog in slack desktop version three two three two seven for windows, only that essentially allows in attacker to post a link into a slap or a link into a slack channel that is used to download a document in essentially in that protocol that allows them. To change the destination of where that file, is located to a local SM share therefore, downloading something other than intended. So somebody could put in a link to a Google doc, and all of a sudden that link now turns into an SMP file sharing your Lonergan piece of our, so there's a, it's a remote exploitation, both authenticated in unauthenticated users, Mauer more. I mean so there it goes into detail here, and, as you know, slack is pretty large. So the this is mitigated currently by upgrading to the next version, two, three four zero. So I highly I mean this is obviously already been fixed. So go upgrade your slack client on windows, using interesting that we don't see a ton of slack stuff. So next from security week dot com by Edward Kovacs team. Viewer confirms it was hacked in two thousand sixteen. This is miss not come as a prize as many issues as teams had over the years, one more thing for them. So apparently they were targeted in two thousand sixteen by a piece of Chinese Mauer. We'll just call it that for now or your phrase that piece of our that is commonly used by the Chinese. They go on to talk about how they did their full, you know, they did the research. They did the forensics and everything and nothing was stolen so. The direct quote independent experts conducted a thorough investigation using all IT forensic resources available and found no evidence that security of our users or their IT systems was affected in any way. I was take those with a grain of salt. Right. I you know. There's a lot of good friends. People out there. Everywhere you go. I just. Sometimes you just wonder right? Like I is there things that you didn't see there. Probably is. So we'll, we'll take that statement with a grain of salt, once again team, you're confirms. It was hacked twenty sixteen. All right, folks. That's it for Monday may twentieth. Twenty nineteen everybody have wonderful week. Hey, it's it's a three day weekend for those in the United States coming up. So just finished strong. Right. And if you're taking off Friday, boy, a four day weekend, so everybody finish strong. Have a good week and we'll talk tomorrow. Don't forget to subscribe at ITN's, Spotify Stitcher in tune in. You can also visit on Twitter at second. The bio on Instagram at second, the by don't Facebook guess where at second. The bio, you can also find us on Lincoln security on the bayou. Guess what else you can find on the internet at second. The by U dot com.