【Watch Black Water: Abyss Online】-Opportunity Information Network
Latest News:
Utah Jazz vs. Los Angeles Clippers 2024 livestream: Watch NBA online World Cup protesters are using AR Snap filters to display the pride flag A Pink Guggenheim? Frank Lloyd Wright Nearly Made It So The Joys and Frustrations of the Clay Court How to quit social media: This Gen Z Twitter will only get worse in 2023 Roblox avatars are helping Gen Z embrace their 'authentic selves' Susan Howe Introduces Her Latest Collection of Poems, “Debths” NYT Connections hints and answers for February 5: Tips to solve 'Connections' #605. A New Museum Memorializes the Commercial World’s Biggest Failures
Current Location: Home > Entertainment > 【Watch Black Water: Abyss Online】

【Watch Black Water: Abyss Online】

2025-06-27 09:47:11 [Entertainment] Source: Opportunity Information Network

A security researcher has uncovered a flaw in Slack that could've been exploited to steal files over the business messaging app and Watch Black Water: Abyss Onlinepotentially spread malware.

The flaw involves Slack's Windows desktop app, and how it can automatically send downloaded files to a certain destination—whether it be on your PC or to an online storage server. You can set a download location in the app's preferences section. However, David Wells, a researcher at the security firm Tenable, noticed there's another way to configure the option: Via a special link.

"Crafting a link like 'slack://settings/?update={ 'PrefSSBFileDownloadPath':'}' would change the default download location if clicked," Wells wrote in a blog post on the vulnerability.

Wells realized the same function could be abused. Imagine a hacker using the links to secretly reconfigure a Slack desktop app to send all downloaded files to an outside server. "Using this attack vector, an insider could exploit this vulnerability for corporate espionage, manipulation, or to gain access to documents outside of their purview," Well's security firm Tenable said in a separate report.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!
Original image replaced with Mashable logoOriginal image has been replaced. Credit: Mashable

The vulnerability can also pave the way for potential malware infections. Any downloaded files sent to the hacker-controller server can be altered and booby-trapped to include malicious code. The attack will commence once the victim opens the file on the Slack desktop app.

The main obstacle of carrying out this attack is circulating the hacker-created links to people on Slack, which keeps its channels private to paying clients and their companies. To pull this off, Wells noticed how Slack channels can be configured to subscribe to RSS feeds, including threads on Reddit.

"I could make a post to a very popular Reddit community that Slack users around the world are subscribed to," Wells said. The hacker-created link will then populate inside the Slack channel and possibly attract some clicks.

"This technique could be unmasked by savvy Slack users, however if decades of phishing campaigns have taught us anything, it's that users click links, and when leveraged through an untrusted RSS feed, the impact can get much more interesting," he added.

Slack has patched the flaw in version 3.4.0 of the Windows desktop app. "We investigated and found no indication that this vulnerability was ever utilized, nor reports that our users were impacted," the company said in an email.

Featured Video For You
Chadwick Boseman tapped to play history's first black samurai

(Editor: {typename type="name"/})

Related Articles
Recommended
Hot Reads
Random

友情链接

接受PR>=1、BR>=1,流量相当,内容相关类链接。