U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Threat actors stole Slack private source code repositories

Enterprise collaboration platform Slack disclosed a data breach, hackers stole some of its private source code repositories. The enterprise collaboration platform Slack has announced to have suffered a security breach, threat actors have stolen some of its private source code repositories. The company pointed out that its customers were not affected. “We recently became aware […]

Slack Enterprise Key Management

Enterprise collaboration platform Slack disclosed a data breach, hackers stole some of its private source code repositories.

The enterprise collaboration platform Slack has announced to have suffered a security breach, threat actors have stolen some of its private source code repositories. The company pointed out that its customers were not affected.

“We recently became aware of a security issue involving unauthorized access to a subset of Slack’s code repositories.” reads the security update published by Slack. “On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27.”

Slack Enterprise Key Management

Slack learned of the suspicious activity on December 29 and launched an investigation into the incident. The investigation revealed that attackers have stolen a limited number of employee tokens and used them to gain access to our externally hosted GitHub repository. The company downloaded private code repositories on December 27.

Slack pointed out that the accessed repositories did not contain primary codebase.

In response to the incident, the company immediately invalidated the stolen tokens and began investigating the potential impact on its customers.

“Our current findings show that the threat actor did not access other areas of Slack’s environment, including the production environment, and they did not access other Slack resources or customer data. There was no impact to our code or services, and we have also rotated all relevant credentials as a precaution,” continues the update.

Slack added that threat actors did not exploit any vulnerability in its systems to achieve unauthorized access. The investigation is still ongoing.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Slack)

[adrotate banner=”5″]

[adrotate banner=”13″]