Slack and Teams’ Lax App Security Raises Alarms

23 September 2022

A new study by researchers at the University of Wisconsin-Madison points to troubling gaps in the third-party app security model of both Slack and Teams, which range from a lack of review of the apps’ code to default settings that allow any user to install an app for an entire workspace. And while Slack and Teams apps are at least limited by the permissions they seek approval for upon installation, the study’s survey of those safeguards found that hundreds of apps’ permissions would nonetheless allow them to potentially post messages as a user, hijack the functionality of other legitimate apps, or even, in a handful of cases, access content in private channels when no such permission was granted.

Read full article on Wired – Threat Level

Date:

23 September 2022

Categorie(s):

NEWS

Tag(s):

Alarms, IT, News, Security Apps, Slack

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland – SWN #38126 April 2024
Impact of organizational structure on ransomware outcomes: Where does your org fit in?26 April 2024
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets26 April 2024
Kaiser Permanente handed over 13.4M people’s data to Microsoft, Google, others26 April 2024
Hackers make millions of attempts to exploit WordPress plugin vulnerability26 April 2024