Security News

Obsidian Security announced protection for Zoom, enabling organizations to safely embrace the leading video communications service as a business-critical application. "Board meetings, medical appointments, and critical customer calls are all occurring over Zoom. Security teams are grappling with how to prevent account misuse and ensure that only the right people are in these meetings," said Glenn Chisholm, CEO of Obsidian.

The attacker can use this method to read the user's Teams messages, send messages on their behalf, create groups, add or remove users from a group, and change group permissions. The entire attack can be automated, allowing malicious actors to spread through an organization like a worm by using compromised accounts to send the malicious GIF to other Teams users.

A vulnerability existed in Microsoft's Slack for Suits tool, Teams, that could have let a remote attacker take over accounts by simply sending a malicious GIF, infosec researchers claim. The rest of the Teams vuln was patched last Monday, 20 April.

Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts. The attack simply involved tricking a victim into viewing a malicious GIF image for it to work, according to researchers at CyberArk who also created a proof-of-concept of the attack.

Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions. To further complicate matters, there is often a steep learning curve for teams with little to no experience working remotely prior to this outbreak.

Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions. To further complicate matters, there is often a steep learning curve for teams with little to no experience working remotely prior to this outbreak.

McAfee, a device-to-cloud cybersecurity company, announced that McAfee MVISION Cloud now supports encryption enhancements in Microsoft Teams, including encrypted webhooks and encrypted payloads. This enables organizations to improve productivity of their employees by letting them use Teams as a collaboration platform, participate in conversations and calls and upload and share documents while ensuring customer data remains secure with encryption when evaluated by McAfee MVISION Cloud.

Netskope, a leading security cloud, announced the availability of its security controls and protection for Microsoft Teams. With Netskope, Teams customers benefit from a unique convergence of security capabilities that simplify the work of security teams.

A small study found that security professionals are open to new solutions even as they rely on traditional vendors to protect their networks. Limited budgets may be blocking more experimentation with new security tactics; 45% of respondents listed small budgets as the top network admin challenge today.

Dell on Friday announced the launch of Dell SafeBIOS Events & Indicators of Attack, a utility designed to alert IT and security teams about BIOS configuration changes that could be part of a sophisticated attack. Dell SafeBIOS Events & Indicators of Attack is available immediately worldwide for Dell commercial PCs as part of the company's Trusted Device solution.