Security News > 2020 > April > How An Image Could've Let Attackers Hack Microsoft Teams Accounts
Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image.
"Eventually, the attacker could access all the data from your organization's Teams accounts - gathering confidential information, meetings and calendar information, competitive data, secrets, passwords, private information, business plans, etc."
The development comes as video conferencing software such as Zoom and Microsoft Teams are witnessing an unprecedented surge in demand as businesses, students, and even government employees across the world are forced to work and socialize from home during the coronavirus pandemic.
A Subdomain Takeover Vulnerability The flaw stems from the way Microsoft Teams handles authentication to image resources.
Videoconferencing Company-Themed Attacks on the Rise The shift to remote work amidst the ongoing COVID-19 pandemic and the increased demand for video conferencing services have become a lucrative tactic for attackers to steal credentials and distribute malware.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/12xKLMv_jYc/microsoft-teams-vulnerability.html
Related news
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)