Security News > 2020 > April > How An Image Could've Let Attackers Hack Microsoft Teams Accounts
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image.
"Eventually, the attacker could access all the data from your organization's Teams accounts - gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information, business plans, etc."
The development comes as video conferencing software such as Zoom and Microsoft Teams are witnessing an unprecedented surge in demand as businesses, students, and even government employees across the world are forced to work and socialize from home during the coronavirus pandemic.
A Subdomain Takeover Vulnerability The flaw stems from the way Microsoft Teams handles authentication to image resources.
Videoconferencing Company-Themed Attacks on the Rise The shift to remote work amidst the ongoing COVID-19 pandemic and the increased demand for video conferencing services have become a lucrative tactic for attackers to steal credentials and distribute malware.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/12xKLMv_jYc/microsoft-teams-vulnerability.html
Related news
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)