Microsoft Eliminates Cyber Attack Flaws
As more business is conducted from remote locations, attackers are focusing their efforts on exploiting the key collaboration technologies, like Zoom and Microsoft Teams, that companies and their employees depend on to work togethe from remote locations. Microsoft Teams, like many workplace collaboration tools, has seen huge growth in the past month, due to coronavirus lockdown rules.
Microsoft's threat protection intelligence team has warned of a "significant and growing" cyber security threat that can deliver a devastating payload.
A security problem in Microsoft Teams meant cyber-attacks could be initiated via funny Gif images, researchers have revealed. Like many chat apps, Teams lets colleagues send each other whimsical animated Gif images. But CyberArk researchers discovered a problem that meant viewing a Gif could let hackers compromise an account and steal data. Microsoft has since patched the security hole, researchers said.
The flaw involved a compromised subdomain serving up the malicious images.All a user had to do was view the Gif to allow an attacker to scrape data from their account. If left open, the flaw could have led to widespread data theft, ransomware attacks and corporate espionage, the team added.
The attack steals security tokens when a user loads an image but the end user would just see the Gif sent to them, and nothing else. CyberArk said it notified Microsoft of the vulnerability on 23 March and a patch was released at the endo of April. There is no evidence it was ever exploited by cyber-criminals.
Cyberark researchers say the a similar attack could be replicated in future on other platforms. While the attack pattern is not easy to set up, it is a workable attack and could spread very rapidly.
Microsoft: CyberArk: Forbes: BBC:
You Migh Also Read:
