Vulnerability permits cyber attacker to send a malicious GIF to unsuspecting Teams customers.
Cyber researchers have unearthed a flaw in Microsoft Teams that might have allowed attackers to consider more than users’ accounts by way of a malicious GIF file. Get much more details about
Malicious
GIF
A crew from security vendor CyberArk identified a subdomain takeover vulnerability from the collaboration device, which now has a lot more than 44 million everyday energetic consumers.
The flaw, which has become patched by Microsoft, would have allowed attackers to scrape users' information and consider more than an organisation’s Teams accounts using a GIF.
According to CyberArk, since users wouldn’t must share the GIF - just see it - for being impacted, vulnerabilities like this possess the ability to spread automatically.
“The truth the victim only must see the crafted message to be impacted is often a nightmare from a security perspective,” CyberArk wrote within a blog publish.
“Every account that could are already impacted by this vulnerability could also be a spreading point to all other company accounts. The GIF could also be sent to groups (a.k.a Teams), which can make it even much easier for an attacker to get control over end users speedier and with fewer measures.”
The vulnerability would have affected both Teams desktops or web browser versions if compromised. The flaw’s discovery comes all through a major surge in demand for collaboration equipment for instance Teams, Zoom, Slack and Skype for Business driven by the spread of COVID-19 as well as the need to have for workers to work from home.
