Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Viewing GIFs can also be hacked for Microsoft Teams account
The outbreak of the COVID-19 pandemic led to a rapid increase in the number of Microsoft Teams users working remotely. However, this has also caused Teams to receive unwanted attention from cybercriminals.
Cyber security researchers from the CyberArk security team have recently found a vulnerability related to subdomain hijacking combined with malicious .GIF animations, which can be used by hackers. to "occupy valuable personal data in Microsoft Teams user accounts".
The team said that this relatively serious security flaw affects the Microsoft Teams platform on both desktop versions as well as on web browsers. What makes the vulnerability more dangerous lies in the value of data that hackers can steal if successfully hacked into a victim's account. The majority of Microsoft Teams' customers are businesses and organizations, so the platform currently contains a large amount of valuable information at the enterprise level - an attractive bait that cybercriminals target.
During the vulnerability detection process, the CyberArk team discovered that every time the application was opened, the Teams client automatically generated a new access token, authenticated via login. microsoftonline.com. Other similar tokens are created to access integrated support services like SharePoint and Outlook.
The 2 cookies used to restrict access to content are "authtoken" and "skypetoken_asm". The Skype token is sent to teams.microsoft.com and its subdomains - two of which were found to be vulnerable to hijacking.
"If an attacker could somehow force a user to gain access to the subdomains already taken, the victim's browser will send this cookie to the attacker's server and they can generate a Skype token. After doing all this, an attacker could steal the victim's Teams account data , " the CyberArk team said.
However, this chain of attacks is very complex, as an attacker needs to issue certificates for compromised subdomains - only possible by 'proving' ownership by tests like uploading a file. specific path.
To overcome this problem, the hacker will send malicious links to vulnerable subdomains, or .GIF files containing malicious tokens designed to hijack Teams users' session when they click on that .GIF file. This attack can affect multiple individuals at a time.
Malicious GIF file All information about the flaw was reported by CyberArk to Microsoft, and the Redmond company has quickly released a patch to fix the vulnerability as well as minimize the risk of similar errors in the future.
Jessica TannerYou should read it
- How to use Microsoft Teams online
- Microsoft has a group of 'elite' hackers that specialize in attacking Windows to keep the operating system safe
- Summary of shortcuts for Microsoft Teams to learn online
- Summary of popular network attacks today
- Microsoft integrates Teams utilities into Office.com website and Office Windows apps
- How to turn off mic in Microsoft Teams
- How to install Vietnamese on Microsoft Teams
- How to reopen previously visited locations in Microsoft Teams
May be interested
- Users should be wary of this Microsoft Teams security flaw
researchers have found a simple but devastating vulnerability in microsoft teams that could have provided attackers with the key to access the platform. - How to install Vietnamese on Microsoft Teamschange the microsoft teams interface to vietnamese other than the initial installation interface displayed in english format to help teachers use more conveniently.
- Instructions for using Microsoft Teams on your phonemicrosoft teams support online learning, remote meetings with many people when connecting via video or live group chat. how to use microsoft teams on your phone is very simple.
- Slack has 350,000 new users from IBM, the competition with Microsoft Teams is hotter than everthe battle for market share in the enterprise-class online group management service has always been known as a two-horse race between the two big guys slack and microsoft teams.
- How to create and join meetings on Microsoft Teamsmicrosoft teams is a chat-based collaboration platform complete with document sharing, online meeting, and many other extremely useful features for business communication.
- How to completely uninstall Microsoft Teams on Windows 10if microsoft teams continues to reinstall on windows computers and runs itself on startup, there is a solution to help you resolve this issue.
- How to connect hosting services on Microsoft Teamslinking hosted services on microsoft teams helps us send files from these services faster when working on microsoft teams.
- How to share screen in Microsoft Teamsmicrosoft teams allows you to easily share your screen in online meetings when needed. you can even choose to share your entire device screen, or just a specific application window.
- Here's how to check if your TeamViewer account is hacked.if you are worried or suspect that your teamviewer account has been hacked, you can conduct a small investigation to confirm this again.
- Keyboard shortcuts in Microsoft Teamsthis article summarizes the following shortcuts in microsoft teams by tipsmake will help you work faster in the process of using teams, thanks to the microsoft teams keyboard shortcuts that will save time and increase productivity on the plus platform. online collaboration.
Attack the network
- Nintendo acknowledged that 160,000 Switch accounts were hacked
- Profile of more than 267 million Facebook accounts for sale on the dark web for only $ 600
- Microsoft releases important OOB security updates for Microsoft Office
- What types of data are for sale on the dark web?
- Warning: The number of malicious emails is increasing rapidly on Gmail and recommendations from Google
- Warning: Cybercriminals are targeting Zoom, Google Classroom and Teams
Nintendo acknowledged that 160,000 Switch accounts were hacked
Profile of more than 267 million Facebook accounts for sale on the dark web for only $ 600
Microsoft releases important OOB security updates for Microsoft Office
What types of data are for sale on the dark web?
Warning: The number of malicious emails is increasing rapidly on Gmail and recommendations from Google
Warning: Cybercriminals are targeting Zoom, Google Classroom and Teams