Microsoft Teams vulnerability could have let hackers access data through GIF 

Microsoft fixed a vulnerability in Microsoft Teams that would have allowed hackers to exploit a subdomain takeover flaw using a malicious GIF that extracts personal user data from the workplace communication platform, according to a recent CyberArk report.

Microsoft Security Research Center and the information security company fixed the issue last month after discovering the account takeover vulnerability. Microsoft issued a patch and is developing more security features to prevent similar software flaws.

The GIF ultimately could have been used to gain control of an organization's entire roster of Teams accounts. 

"Even if an attacker doesn’t gather much information from a Teams’ account, they could use the account to traverse throughout an organization (just like a worm)," CyberArk said. "Eventually, the attacker could access all the data from your organization Teams accounts — gathering confidential information, competitive data, secrets, passwords, private information, business plans, etc." 

The vulnerability would have affected every Microsoft Teams user on both the desktop and web browser versions. Users would only have had to see the GIF to be affected; they would not have needed to share it electronically for their data to become exposed.

© Copyright ASC COMMUNICATIONS 2020.