CyberArk Labs New Research: Newly Discovered Microsoft Teams Vulnerability
Today, CyberArk Labs has released new research that identified a critical security vulnerability in Microsoft Teams desktop and browser instances which could lead to widespread data theft campaigns, compromised credentials, ransomware attacks and corporate espionage.
The full research is available here: https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ via the CyberArk Threat Research Blog.
The vulnerability leverages a compromised subdomain and a malicious GIF sent to unsuspecting Teams users that would allow an attacker to scrape all data associated with that Teams account – and spread quickly to other accounts and groups without any user action.
As companies continue to rely on technologies like Microsoft Teams, Zoom and others to stay connected with employees, customers and partners – more information is being passed back and forth more than ever. Vulnerabilities like this can put sensitive data, credentials and conversations at risk. While CyberArk did work with Microsoft on a fix, the attack could potentially be replicated in other communication platforms in the future.
