June 11, 2023
Teams collaboration

The flaw, which researchers said was fixed prior to yesterday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.

A critical security vulnerability” in Microsoft Teams, a popular workplace collaboration platform that has seen its daily active users more than double to a total of 44 million in recent months.

The flaw, which researchers said was fixed prior to Monday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.
It was found that leveraging a compromised Microsoft Teams subdomain enabled attackers to send a malicious GIF image to their target, scrape the user’s data and ultimately take over an entire roster of accounts belonging to an organization.
Advertisement

Researchers said the victim only needs to see the malicious image, which seems innocuous, to be attacked. The vulnerability could attack every user running Microsoft Teams for desktop or via a Web browser.
“One of the biggest and the scariest things about this vulnerability is that it can be spread automatically, just like a worm virus,”.“The fact that the victim needs only to see the crafted message to be impacted is a nightmare from a security perspective. Every account that could have been impacted by this vulnerability could also have been a spreading point to all other company accounts.”


CyberArk said it had worked with the Microsoft Security Research Center through its Coordinated Vulnerability Disclosure process to fix the flaw. The vulnerable subdomains were quickly reconfigured, a patch was issued on April 20, and Microsoft is continuing to develop security features to prevent similar flaws.


“In times of remote working – as companies continue to rely on technologies like Microsoft Teams, Zoom and others to stay connected with employees, customers and partners – more information is being passed back and forth more than ever,”.


“The amount of data that goes into these applications is enormous, making them prime targets for attackers,” they said. “Vulnerabilities like this can put sensitive data, credentials and conversations at risk.”
Tags cyber security israel cyber security Microsoft hack

Tags:

Leave a Reply

You may have missed

VMware Patches Vulnerabilities in Aria

VMware Patches Vulnerabilities in Aria

June 10, 2023
Fractureiser Malware Targets MineCraft

Fractureiser Malware Targets MineCraft

June 10, 2023
MoveIt New SQL Vulnerability ! Patch It

MoveIt New SQL Vulnerability ! Patch It

June 10, 2023
Japanese Pharma Eisai Victim of Ransomware Attack

Japanese Pharma Eisai Victim of Ransomware Attack

June 9, 2023
ACT Government Victim of Barracuda ESG Vulnerability

ACT Government Victim of Barracuda ESG Vulnerability

June 9, 2023
Anonymous Sudan Claims Responsible for Outlook Outages

Anonymous Sudan Claims Responsible for Outlook Outages

June 9, 2023
%d bloggers like this: