Subj : Watch out - sharing a Wikipedia link on Slack could be a serious To : All From : TechnologyDaily Date : Mon Oct 30 2023 18:30:05 Watch out - sharing a Wikipedia link on Slack could be a serious security no-no Date: Mon, 30 Oct 2023 18:14:35 +0000 Description: What if a Wikipedia link preview in Slack was malicious? There could be a way... FULL STORY ====================================================================== Cybersecurity researchers from eSentire have discovered a glitch in how Slack renders Wikipedia articles that could be abused to trick users into opening malware -laden websites. In popular messaging apps, including Slack, when a user forgets to add a space between a full stop and the first letter of the next sentence, the app will perceive it as a domain, and render the link accordingly.Typing face.book me for, for instance, will become http://face.book . Now, if a malicious user edits a Wikipedia article at the right place and adds a reference footnote, they can trick Slack into rendering a link that doesnt exist in the article. That link can later be edited to redirect the victim to a malicious website. A lot of due diligence required From that point on, all it takes is a little creativity to get the victim to click on the link in the preview of the otherwise benign Wikipedia link to be served malware . This isnt that uncommon on Wikipedia, either. The researchers have found more than 1,000 examples of pages where the reference footnote was added to the exact location to get the Slack preview pane to generate a link. The same method works on other websites, too, like Medium, for example. However, the researchers have focused on Wikipedia because they believe it to be an authoritative, trusted source (although thats debatable). Obviously, to make it work, the attackers will first need to make sure that the victim has Slack, then join their workspace (possibly via a compromised account), and share a link that the victim will find interesting to lure them in. Given the success of phishing attacks , it certainly wouldn't be surprising to see this kind of attack being attempted. Slack has also had some other security concerns recently, such as its rather lax approach to accepting third-party app integration . More from TechRadar Pro Millions of Android phones are shipping with malware already installed Here's a list of the best firewalls today These are the best endpoint protection software right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/watch-out-sharing-a-wikipedia-link-on-s lack-could-be-a-serious-security-no-no --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .