Menu
Microsoft Teams vulnerable to GIF attack

Microsoft Teams vulnerable to GIF attack

Vulnerability allows cyber attacker to send a malicious GIF to unsuspecting Teams users

Credit: Microsoft

Cyber researchers have unearthed a flaw in Microsoft Teams that would have allowed attackers to take over users’ accounts via a malicious GIF file. 

A team from security vendor CyberArk found a subdomain takeover vulnerability in the collaboration tool, which now has more than 44 million daily active users.

The flaw, which has been patched by Microsoft, would have allowed attackers to scrape users' data and take over an organisation’s Teams accounts using a GIF.

According to CyberArk, since users wouldn’t have to share the GIF – just see it – to be impacted, vulnerabilities like this have the ability to spread automatically.

“The fact that the victim only needs to see the crafted message to be impacted is a nightmare from a security perspective,” CyberArk wrote in a blog post.

“Every account that could have been impacted by this vulnerability could also be a spreading point to all other company accounts. The GIF could also be sent to groups (a.k.a Teams), which makes it even easier for an attacker to get control over users faster and with fewer steps.”

The vulnerability would have affected both Teams desktops or web browser versions if compromised. The flaw’s discovery comes during a major surge in demand for collaboration tools such as Teams, Zoom, Slack and Skype for Business driven by the spread of COVID-19 and the need for staff to work from home. 

Rival Zoom has also struggled to fend of security concerns about its software, leading it to hire former Facebook security chief Alex Stamos as an adviser.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags zoomgifMicrosoft Teams

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments