Security News > 2020 > May > News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks

A Microsoft vulnerability found in Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts.

The phishing campaign used a ton of different Microsoft file sharing platforms including Microsoft Sway, which if you guys don't know what that is, it's basically Microsoft's platform for newsletters and presentations.

This attack specifically was using Microsoft Teams - CyberArk was the research company that developed a proof of concept behind this type of attack - And essentially what it was, was that Microsoft Teams uses a sophisticated sort of authentication mechanism to be able to make sure that when you send either a link to somebody on Teams, or you send a GIF and I do call them GIFs not GIFs.

Anyways, if you send an image or a GIF on Microsoft Teams CyberArk found that when the image, the GIF image was delivered to a Microsoft Teams person, because of this authentication mechanism that Microsoft has.

Then you know, you can imagine the lateral types of attacks, or the types of attacks that would be a springboard for further attacks and further compromises.

News URL

https://threatpost.com/news-wrap-microsoft-sway-phish-malicious-gif-and-spyware-attacks/155401/