A security researcher has uncovered a flaw in Slack that could've been exploited to steal files over the business messaging app and potentially spread malware.
The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination, whether on your PC or on an online storage server. You can set a download location in the app's preferences section. However, David Wells, a researcher at the security firm Tenable, noticed there's another way to configure the option: via a special link.
"Crafting a link like 'slack://settings/?update={ 'PrefSSBFileDownloadPath':
Wells realized the same function could be abused. Imagine a hacker using the links to secretly reconfigure a Slack desktop app to send all downloaded files to an outside server. "Using this attack vector, an insider could exploit this vulnerability for corporate espionage, manipulation, or to gain access to documents outside of their purview," Wells's security firm Tenable said in a separate report.
The vulnerability can also pave the way for potential malware infections. Any downloaded files sent to the hacker-controlled server can be altered and booby-trapped to include malicious code. The attack will commence once the victim opens the file on the Slack desktop app.
The main obstacle to carrying out this attack is circulating the hacker-created links to people on Slack, which keeps its channels private to paying clients and their companies. Wells noticed a way to pull this off: Slack channels can be configured to subscribe to RSS feeds, including threads on Reddit.
"I could make a post to a very popular Reddit community that Slack users around the world are subscribed to," Wells said. The hacker-created link will then populate inside the Slack channel and possibly attract some clicks.
"This technique could be unmasked by savvy Slack users, however if decades of phishing campaigns have taught us anything, it's that users click links, and when leveraged through an untrusted RSS feed, the impact can get much more interesting," he added.
Slack has patched the flaw in version 3.4.0 of the Windows desktop app. "We investigated and found no indication that this vulnerability was ever utilized, nor reports that our users were impacted," the company said in an email.
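A defender-side check for the delivery route described above, as an added example that is not from Tenable, Slack or the original article: it scans feed items bound for a channel and flags `slack://settings` links that carry an `update` parameter, treating `PrefSSBFileDownloadPath` as the most serious case. The item layout, the verdict names, `HypotheticalPref` and the `PLACEHOLDER` values are assumptions made for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# slack:// links in free text, and the preference key named in the article.
LINK_RE = re.compile(r"slack://[^\s\"<>]+", re.IGNORECASE)
SENSITIVE_KEYS = ("PrefSSBFileDownloadPath",)

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so nesting cannot hide a key."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_link(url):
    """Return None for other links, else 'settings-update' or 'download-path-change'."""
    parts = urlsplit(url)  # urlsplit lowercases the scheme, but not the host part
    if parts.scheme != "slack" or parts.netloc.lower() != "settings":
        return None
    query = fully_unquote(parts.query)
    if not re.search(r"(^|&)\s*update\s*=", query, re.IGNORECASE):
        return None
    if any(key.lower() in query.lower() for key in SENSITIVE_KEYS):
        return "download-path-change"
    return "settings-update"

def scan_items(items):
    """Scan every field of each feed item; return (title, verdict) per flagged link."""
    findings = []
    for item in items:
        text = " ".join(str(v) for v in item.values())
        for url in LINK_RE.findall(text):
            verdict = classify_link(url)
            if verdict:
                findings.append((item["title"], verdict))
    return findings

# Constructed sample feed items; PLACEHOLDER stands in for any path value.
SAMPLE_ITEMS = [
    {"title": "Handy tip", "body": "slack://settings/?update={'PrefSSBFileDownloadPath':'PLACEHOLDER'}"},
    {"title": "Encoded", "body": "see slack://settings/?update=%257B%2527PrefSSBFileDownloadPath%2527%253A%2527PLACEHOLDER%2527%257D now"},
    {"title": "Other pref", "body": "SLACK://Settings/?update={'HypotheticalPref':'x'}"},
    {"title": "Channel link", "body": "slack://channel?team=T0000&id=C0000"},
]

if __name__ == "__main__":
    print(scan_items(SAMPLE_ITEMS))
```

The same classifier can run over outbound proxy or chat-export logs; a flagged link is a reason to check the client's configured download location and confirm the app is on the patched version.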