After Zoom looks like Microsoft Teams security just got cracked anonymously. Although Zoom was not secure at the time it was compromised, Microsoft Team’s security just got breached through some GIFS. Yes, you read it right hackers can get into your accounts by sending you graphic Images.
Introduction
In the wake of COVID-19 people have had the chance of working from home. Big corporations have been working hard to provide a full proof solution for people to conduct a meeting without getting disturbed. When everything started, Zoom was the first priority for people but it had Major Flaws which forced companies like Google, Tesla ordering employees not to use the software.
Since then services like Microsoft Teams, Google Meet have emerged in the market as a prior choice. These services provided the best solution as of yet. Since people are dependent on the software for keeping connected and up to date with people around, it has gained the attention of hackers for exploiting the vulnerabilities in the software to disrupt the meetings or get access to the accounts.
How was Microsoft Teams security compromised?
According to CyberArks Blog, there was a subdomain takeover vulnerability in Microsoft Teams. The hackers could have used a malicious GIF to scrape the user’s data and take over the entire organization’s rooster of Teams accounts.
The attack is not that visible. A GIF will popup in your inbox which does its work in the background without you noticing it. It will take up all the credentials and take over the account. Further, the GIF will be sent to all of your team members compromising all of them. A demonstration of how the flaw could compromise your organization is given below.
Credit – CyberArkOne of the biggest flaws was it could spread in your organization like a worm and access to all of the confidential information saved on teams like meetings, gatherings, memos, etc.
What Now?
The discovered flaw has been taken care of by Microsoft and teams of CyberArk after CyberArk noted Microsoft Community on 23 April. This bug was only found in desktop and web browser of teams. Microsoft Teams security is no longer an issue for users.
After this attack, we need to be more aware more about the attacks that can happen to our meetings. The point is not only about Microsft Teams security but other applications too. CyberArk warned this flaw might potentially be in other platforms too and told users to stay safe while using the applications.
