Cyber security news for all

More

    A vulnerability was found in the online collaboration platform Microsoft Teams

    The Microsoft vulnerability exploited a compromised subdomain and a malicious GIF that was sent to team users. There, an attacker could access all the data associated with his team account and spread to other accounts and groups.

    First of all, an attacker has to get a GIF into the team chat. Because he already has access to a team account of the organization or because he manages to convince an account holder to post a GIF created by the attacker in the chat. In addition, the attacker needs control of a subdomain at teams of Microsoft. Large companies have such subdomains that are vulnerable to attack in one way or another. Researchers at Microsoft found many subdomains that could be hacked by incorrect DNS settings.

    Microsoft Teams Vulnerability

    Such a gap would theoretically allow attackers to struggle through an entire company and access tons of sensitive data such as business secrets or passwords of the organizations. Hackers can attack accounts until they have control over a high level employee’s team account and then order to transfer funds or provide financial information. With the calendar functionality integrated in teams, such scams can then be tailored to the everyday work of the organization in order to attract less attention. Especially now that more and more companies are switching to Microsoft teams and similar services and almost all employees are working in the home office, such attacks have a particularly high chance of success.

    To exploit the vulnerability, an attacker would have had to gain access to a Microsoft subdomain. In the past there have been several cases in which the company did not have very good control over the subdomains. An attack would not have been so unlikely. The Microsoft vulnerability has now been fixed. The fix was resolved as soon as possible, as Microsoft has shared its findings with the Security Response Center.

    Recent Articles

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    The slamming of undeletable Adware on Android users

    Researchers have discovered that about 14.8% of users of android phones that were targeted with mobile adware or malware the previous year have undeletable...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox