Security flaw in Microsoft Teams let hackers scrape user data using malicious GIFs
Microsoft Teams is a popular video conferencing software used by a large number of organisations to enable their remote workers to collaborate in projects and participate in team meetings. The main benefit of using Teams is that it provides first-party integration with a company’s Office 365 subscription and also features extensions that can integrate with non-Microsoft products.
Recently, security firm CyberArk discovered a subdomain takeover vulnerability in Microsoft Teams that allowed attackers to use a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts.
“Since users wouldn’t have to share the GIF – just see it – to be impacted, vulnerabilities like this have the ability to spread automatically. This vulnerability would have affected every user who uses the Teams desktop or web browser version,” the firm said. The Microsoft Security Research Center promptly issued...