Single Malicious GIF Opened Microsoft Teams to Nasty Attack (Security News, April 2020)

Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts.
All the attack needed was to trick a victim into viewing a malicious GIF image, according to researchers at CyberArk, who also built a proof-of-concept of the attack.
The attack relies on malicious actors being able to abuse two tokens: a JSON Web Token and a second "Skype token".
Microsoft uses the combination of these two tokens to allow a Teams user to see images shared with them, or by them, across different Microsoft servers and services such as SharePoint and Outlook.
The novel aspect of this PoC is that all it takes to trigger the attack is the target viewing a malicious GIF sent by the rogue Teams user.
News URL
https://threatpost.com/single-malicious-gif-opened-microsoft-teams-to-nasty-attack/155155/
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams
- Microsoft Teams phishing attack alerts coming to everyone next month
- Ransomware attackers are “vishing” organizations via Microsoft Teams
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
- Critical RCE bug in Microsoft Outlook now exploited in attacks
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
- Microsoft: Hackers steal emails in device code phishing attacks