Zoom gone.. Now it’s time for Teams………

Teams collaboration

The flaw, which researchers said was fixed prior to yesterday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.

A critical security vulnerability” in Microsoft Teams, a popular workplace collaboration platform that has seen its daily active users more than double to a total of 44 million in recent months.

The flaw, which researchers said was fixed prior to Monday’s announcement, could lead to widespread data-theft campaigns, compromised credentials, ransomware attacks and even corporate espionage.
It was found that leveraging a compromised Microsoft Teams subdomain enabled attackers to send a malicious GIF image to their target, scrape the user’s data and ultimately take over an entire roster of accounts belonging to an organization.
Advertisement

Researchers said the victim only needs to see the malicious image, which seems innocuous, to be attacked. The vulnerability could attack every user running Microsoft Teams for desktop or via a Web browser.
“One of the biggest and the scariest things about this vulnerability is that it can be spread automatically, just like a worm virus,”.“The fact that the victim needs only to see the crafted message to be impacted is a nightmare from a security perspective. Every account that could have been impacted by this vulnerability could also have been a spreading point to all other company accounts.”


CyberArk said it had worked with the Microsoft Security Research Center through its Coordinated Vulnerability Disclosure process to fix the flaw. The vulnerable subdomains were quickly reconfigured, a patch was issued on April 20, and Microsoft is continuing to develop security features to prevent similar flaws.


“In times of remote working – as companies continue to rely on technologies like Microsoft Teams, Zoom and others to stay connected with employees, customers and partners – more information is being passed back and forth more than ever,”.


“The amount of data that goes into these applications is enormous, making them prime targets for attackers,” they said. “Vulnerabilities like this can put sensitive data, credentials and conversations at risk.”
Tags cyber security israel cyber security Microsoft hack

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s