Security News > 2020 > April > Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts.
The attack simply involved tricking a victim into viewing a malicious GIF image for it to work, according to researchers at CyberArk who also created a proof-of-concept of the attack.
The attack involves malicious actors being able to abuse a JSON Web Token and a second "Skype token".
The combination of these two tokens are used by Microsoft to allow a Teams user to see images shared with them - or by them - across different Microsoft servers and services such as SharePoint and Outlook.
The novel aspect of this PoC is that all it takes to trigger the hack is the target of the attack viewing a malicious GIF sent by the rogue Teams user.
News URL
https://threatpost.com/single-malicious-gif-opened-microsoft-teams-to-nasty-attack/155155/
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)