Vulnerability in Teams allows data theft
The CyberArk Labs team determined that this problem exposes user information to a possible ransonware attack
A critical vulnerability in the collaborative professional application Microsoft Teams exposes users to data theft and ransonware attacks through the use of malicious GIF image files.
The security flaw is present in the Teams desktop and browser versions, as reported by a cybersecurity company CyberArk Labs.
The vulnerability exploits a compromised subdomain and malicious GIF, which is sent to unsuspecting Teams users and would allow an attacker to collect all the data associated with that account. The problem does not require user interaction, since the user would not have to share the GIF but only view it.
Malicious GIF has the ability to spread automatically through the Microsoft platform, and ultimately, the attacker can take over all the Teams accounts in an organization and the data transmitted by them.
CyberArk has worked with Microsoft and the security flaw has already been fixed, but has warned that the attack could potentially replicate on other communication platforms in the future.
K. Tovar
Source: DiarioTI