Cyber security news for all


    A vulnerability was found in the online collaboration platform Microsoft Teams

    The vulnerability could be exploited through a compromised subdomain and a malicious GIF sent to Teams users. An attacker could then access all the data associated with his Teams account and spread to other accounts and groups.

    First of all, an attacker has to get a GIF into the Teams chat, either because he already has access to a Teams account in the organization or because he manages to convince an account holder to post a GIF created by the attacker in the chat. In addition, the attacker needs control of a subdomain of Microsoft Teams. Large companies have such subdomains that are vulnerable to attack in one way or another. Researchers at Microsoft found many subdomains that could be hacked because of incorrect DNS settings.

    Microsoft Teams Vulnerability

    Such a gap would theoretically allow attackers to work their way through an entire company and access large amounts of sensitive data, such as the organization's business secrets or passwords. Attackers can compromise accounts until they control a high-level employee's Teams account and then order the transfer of funds or the provision of financial information. With the calendar functionality integrated in Teams, such scams can be tailored to the everyday work of the organization in order to attract less attention. Especially now that more and more companies are switching to Microsoft Teams and similar services and almost all employees are working from home, such attacks have a particularly high chance of success.

    To exploit the vulnerability, an attacker would have had to gain access to a Microsoft subdomain. In the past there have been several cases in which the company did not have very good control over its subdomains, so an attack would not have been so unlikely. The Microsoft vulnerability has now been fixed. The issue was resolved as soon as possible, as Microsoft has shared its findings with the Security Response Center.
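
    For defenders, the subdomain weakness described above can be audited in a zone export. The following is an added example, not code from the article or from Microsoft. It assumes the incorrect DNS setting is a CNAME record left pointing at an external resource the organization no longer owns (the article does not name the exact misconfiguration). The zone, the inventory and all names are constructed.

```python
import re

# Constructed sample zone export (BIND-style lines); not real records.
SAMPLE_ZONE = """\
; example.test zone, constructed for illustration
www        3600 IN CNAME  web-prod.cloudhost.example.
files      3600 IN CNAME  files-old.cloudhost.example.
chat       300  IN CNAME  lb.example.test.
mail       3600 IN A      192.0.2.10
Promo      3600 IN CNAME  promo-2019.cdn.example.
"""

# Constructed inventory of third-party resources the organization still owns.
LIVE_RESOURCES = {"web-prod.cloudhost.example"}

# owner [ttl] [IN] type rdata
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(\S+)\s+(\S+)\s*$", re.I)


def normalise(name, origin):
    """Lower-case a name and make it fully qualified without the trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}"


def parse_cnames(zone_text, origin):
    """Return (owner, target) pairs for every CNAME record in the export."""
    pairs = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        match = RECORD_RE.match(line) if line else None
        if match and match.group(2).upper() == "CNAME":
            pairs.append((normalise(match.group(1), origin),
                          normalise(match.group(3), origin)))
    return pairs


def find_dangling(zone_text, origin, live_resources):
    """Flag CNAMEs whose external target is missing from the owned inventory."""
    origin = origin.lower().rstrip(".")
    findings = []
    for owner, target in parse_cnames(zone_text, origin):
        internal = target == origin or target.endswith("." + origin)
        if not internal and target not in live_resources:
            findings.append((owner, target))
    return findings
```

    Each finding is a record to delete or repoint before the external name can be claimed by someone else.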
