SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Date    Monday April 27 2020, @06:50PM
Author    martyb
Topic   
from the choosy-hackers-choose-gif dept.
https://soylentnews.org/article.pl?sid=20/04/27/1316204

Arthur T Knackerbracket has found the following story:

Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could [have] allowed an inside attacker to weaponized a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts.

The attack simply involved tricking a victim into viewing a malicious GIF image for it to work, according to researchers at CyberArk who also created a proof-of-concept (PoC) of the attack.

Microsoft neutralized the threat last Monday, updating misconfigured DNS records, after researchers reported the vulnerability on March 23.“Even if an attacker doesn’t gather much information from a [compromised] Teams’ account, they could use the account to traverse throughout an organization (just like a worm),” wrote Omer Tsarfati, CyberArk cyber security researcher, in a technical breakdown of its discovery Monday. “Eventually, the attacker could access all the data from your organization Teams accounts – gathering confidential information, competitive data, secrets, passwords, private information, business plans, etc.”

The attack involves malicious actors being able to abuse a JSON Web Token (“authtoken”) and a second “skype token”. The combination of these two tokens are used by Microsoft to allow a Teams user to see images shared with them – or by them – across different Microsoft servers and services such as SharePoint and Outlook.

[...] “Now with both tokens, the access token (authtoken) and the Skype token, [an attacker] will be able to make APIs calls/actions through Teams API interfaces – letting you send messages, read messages, create groups, add new users or remove users from groups, change permissions in groups,” researchers wrote.

[...] Researchers [...] said Microsoft quickly deleted the misconfigured DNS records of the two subdomains, which mitigated the problem.

Original Submission

Links
  1. "following story" - https://threatpost.com/single-malicious-gif-opened-microsoft-teams-to-nasty-attack/155155/
  2. "a proof-of-concept (PoC) of the attack" - https://cyberark.wistia.com/medias/f4b25lcyzm
  3. "technical breakdown of its discovery Monday" - https://www.cyberark.com/threat-research-blog/
  4. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=40676
© Copyright 2023 - SoylentNews, All Rights Reserved

printed from SoylentNews, Single Malicious GIF Opened Microsoft Teams to Nasty Attack on 2023-07-07 03:35:30