fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Slack Now Lets You DM People Outside Your Company

Slack Now Lets You DM People Outside Your Company

Slack has enabled a new ‘Slack Connect’ feature that allows users to send messages or create shared channels with people outside of their organization.

While users had previously been able to test the Slack Connect feature, it has begun to roll out to all paid workspaces today.

“Slack Connect is a new way for organizations to drive business forward and communicate with their customers, partners and vendors as quickly and easily as they interact with their coworkers in Slack,” Slack stated in an announcement.

When enabled, Slack users will see a new ‘Slack Connect’ section in their sidebar, that when clicked on, will display a screen where you can create a shared channel or initiate direct messages with external users.

New Slack Connect feature
New Slack Connect feature

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Like other messaging apps, to send DMs, users will first send an invitation to another user by their email address. If the user accepts the invite, a new chat will appear, allowing you to communicate directly with them.

If an organization decides that Slack Connect could lead to security issues or the leaking of confidential information, it is possible to restrict who can use the feature or even disable it completely through the ‘Customize Settings’ section.

It should be noted that Slack DMs are not end-to-end encrypted. If you are looking for a more secure line of communication, then other messaging apps such as Signal, Wire, or WhatsApp may be a better choice.

Slack disables optional message due to potential abuse

As quickly as the Slack Connect feature launched, Slack has already disabled the optional message to be included in invites as it can be abused for phishing and abusive messages.

When sending a Slack Connect invite, users can add an optional note to be included in the invite to external users. 

However, this note can be abused by sending vulgar language or harassing messages to users. As the emails are sent from a generic Slack.com email address, they cannot be easily filtered out without the risk of also filtering legitimate email.

An example of how the Slack Connect invites can be abused is illustrated in the tweet below.

Another possible way the feature can be abused is by threat actors creating workspaces that imitate legitimate companies. The threat actors can then use these workspaces to target other Slack users with phishing campaigns.

While Slack admins can disable Slack Connect and prevent their users from accepting invites, users will still receive the invite emails unless they are filtered on their mail server.

Also Read: Data Protection Officer Singapore | 10 FAQs

Update 3/24/21 2:50 PM EST: Updated story about potential for abuse.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us