Amidst the flow of cheeky images and endless memes, evil lurks beneath.
From Threatpost, we read this:
“Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts.…
The attack simply involved tricking a victim into viewing a malicious GIF image for it to work, according to researchers at CyberArk who also created a proof-of-concept (PoC) of the attack.”
“Even if an attacker doesn’t gather much information from a [compromised] Teams’ account, they could use the account to traverse throughout an organization (just like a worm),” wrote Omer Tsarfati, CyberArk cyber security researcher, in a technical breakdown of its discovery Monday. “Eventually, the attacker could access all the data from your organization’s Teams accounts – gathering confidential information, competitive data, secrets, passwords, private information, business plans, etc.”
Engineers with the Microsoft Security Research Center patched the vulnerability, but the episode shows how exposed organizations are to flaws in their everyday collaboration tools, and why controlling what flows through those tools matters as much as patching them. A patch closes one bug; it does nothing about the data already sitting in chat history if an account is taken over. So if a sensitive document doesn’t need to be shared through Teams, don’t send it. Passwords? Tokens? Users shouldn’t be pasting those into a Teams message at all. Share them over an encrypted channel or, better, keep them locked up in a secure password management system and share access through it.