CyberArk Labs stated in its blog post, ‘We found that the attacker could use a malicious GIF (graphic interchange format) to hack the user’s data and an organization, with Microsoft Teams in the grip of a sub-domain takeover. Could have hacked the entire roster of team account.
(Also read- These users of WhatsApp got new feature update, add 8 people to Video / Voice Call in this way)
CyberOrc Labs worked with the Microsoft Security Research Center after finding a flaw in the account takeover and issued an early fix.Hacking is happening through GIF
It was told that users will not have to share the GIF to be affected, but they can be attacked only by viewing it. Flaws like these have the ability to spread automatically. This flaw affects every user who uses the team desktop or web browser version. Video conferencing tools such as Microsoft Teams, Google Meet and Zoom have experienced tremendous growth in the user base as the Kovid-19 epidemic has globally asked enterprises to work from home.
(Also read- You can see phone photos and videos on your TV, you just have to change this one)
A large number of academic programs are also taking advantage of these platforms to continue classes. Most of these companies have also given free access to video conferencing platforms for anywhere between 3 to 6 months. Due to this traction is increasing and many cyber criminals are now keeping an eye on these services to do mischief.
Microsoft has removed the miss configuration in the software that has been exposed and takeover. However, CyberArk says, ‘If an attacker does not gather too much information from a team account, they can still use the account to cross the entire organization. Then finally, the attacker can access all the data from all the accounts of your organization, from which it can gather confidential information, meeting and calendar information, competitive data, secret, password, personal information, business plans data.
(Also read- Battery and data of your phone ends quickly, so turn off these 3 settings now)