Microsoft fixes a bug that could let a GIF hack your organisation’s Teams account | HT Tech
Home Tech Tech News Microsoft fixes a bug that could let a GIF hack your organisation’s Teams account

Microsoft fixes a bug that could let a GIF hack your organisation’s Teams account

This vulnerability not only affects Microsoft Teams on desktop but on the web as well.

By: HT CORRESPONDENT
| Updated on: Apr 27 2020, 12:18 IST
Icon
Microsoft has fixed this bug.
Microsoft has fixed this bug. (AP)
Microsoft has fixed this bug.
Microsoft has fixed this bug. (AP)

Video conferencing apps have gained popularity at a time when a lockdown has been enforced in various countries across the globe in light of the Covid-19 outbreak. Hackers are using this opportunity to attack users in order to gain access to their account credentials and financial information. Now, a report highlights a new hack that malicious actors are using to target large organisations.

According to a report by CyberArk (via ZDNet), hackers are using a subdomain takeover vulnerability in combination with an infected GIF file for scraping a user's data and subsequently taking over the entire Microsoft Teams account of an organisation.

As per their research, Teams creates a temporary access token, which is authenticated via login.microsoftonline.com, every time a user opens the app. The app also uses "authtoken" and "skypetoken_asm" cookies to restrict content access permissions. Of these, Skype token is sent to teams.microsoft.com and its subdomains, two of which the researchers found to be vulnerable to the vulnerability.

"If an attacker can somehow force a user to visit the subdomains that have been taken over, the victim's browser will send this cookie to the attacker's server, and the attacker (after receiving the authtoken) can create a Skype token," the report says adding, "After doing all of this, the attacker can steal the victim's Teams account data."

The attacker then uses a GIF file or a malicious link to generate a token not only authenticates the attacker but also compromises the victim's Teams account. This then gives the attacker the ability to hack into the Teams account of the victim's organisation.

What's more, this vulnerability not only affects Microsoft Teams on desktop but on the web as well.

Now some good news, Microsoft has fixed the bug and all Teams accounts are safe. "We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe," the company said in a statement to the publication.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 27 Apr, 12:18 IST
Trending: apple may open 3 more stores in these cities across india after apple saket, bkc- check locations and all details ios 18 release: launch timeline revealed ahead of apple wwdc 2024 - all the details bored of your instagram explore feed? here’s how you can change, reset it ipad air 2024 may skip mini-led display- here's what to expect from apple event on may 7 jiocinema unveils pocket-friendly premium plans for ad-free 4k streaming former google hr reveals 3 things techies need to stop doing to get better jobs how to change whatsapp font style and font size in chat window how to hide your instagram online status from others iphone ban for south korean military in talks but samsung smartphones are fine- details 4 things that google search head said in a meeting that every it employee should take note to grow salary
NEXT ARTICLE BEGINS

Tips & Tricks

WhatsApp banned
WhatsApp banned my number. What’s the solution? Step-by-step guide to ‘unban’ your account
Consider Tonnage
Don't forget these 5 things while buying ACs online
Productivity
Otter AI: How to use this AI meeting assistant app to automatically take notes, transcripts, more
Pixel 8 Pro's Pro
Know how to master Pro Controls on the Google Pixel 8 Pro - check top 4 tips
ChatGPT Plus
How to edit images generated by DALL-E in ChatGPT: Step-by-step guide

Editor’s Pick

Digi Yatra
Digi Yatra users, delete the old app right now- Here’s how to download the new app and use it at airports
iPhone 15
iPhone 16 leaks summarised: Colours, A-series chip and what more to expect from Apple in 2024
STScI-01HFQ5YXZ04PF608HQB0KRTF3S
10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
HDFC Bank alerts about a few common ‘bad habits’ of smartphone users that make it easy for them to fall prey to hacking attempts and scams.
Online scams: 5 habits of smartphone users that make life easy for hackers, warns HDFC Bank
Moto Edge 50 Pro
Motorola Edge 50 Pro review: Should you buy this new AI smartphone under 35,000?

Trending Stories

Dbrand
MKBHD takes tough stand after Dbrand makes racist comment on Indian customer [Update]
GTA_6
GTA 6 leaks: What we know so far about Grand Theft Auto 6
STScI-01HFQ5YXZ04PF608HQB0KRTF3S
10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
Google Vids
Google Vids- All details about this new AI video app and how to use it
iPhone 13
Apple iPhone 13 available at discounted price of Rs. 52,990 on Amazon- Check details
keep up with tech

Gaming

GTA 6 trailer rumoured to be bringing a narrative twist by showing events in reverse- All details
GTA 6 trailer rumoured to be bringing a narrative twist by showing events in reverse- All details
Garena Free Fire MAX Redeem Codes for April 26
Garena Free Fire MAX Redeem Codes for April 26: Claim the Flaming Hollowface Bundle now
Garena Free Fire Redeem Codes for April 26
Garena Free Fire Redeem Codes for April 26: Faded Wheel event is here, check rewards
GTA 5 hidden mysteries: Players discover underwater UFO beneath the Pacific Ocean
GTA 5 hidden mysteries: Players discover underwater UFO beneath the Pacific Ocean
PS5 update adds Community Game Help feature; Now get community-generated hints for supported games
PS5 update adds Community Game Help feature; Now get community-generated hints for supported games

Best Deals For You

Honor 90
5 best smartphones for your eyes: Xiaomi 13, Honor 90 to Motorola Edge Plus, check list
Innovative Neckband
Unix launches UX-2000 Retro: The ultimate wireless neckband with customizable voices
Redmi 13C 5G
Top 7 Redmi phones under 12000: From Redmi 13C to Redmi A2 - Know them all
360 Home Security Camera 2K
Valentine's Day Gift Ideas: Great options available in Xiaomi's gadget collection - check it out
PlayStation 5
5 best gaming consoles to buy right now: PlayStation 5, Xbox Series X and more

    Trending News

    MKBHD takes tough stand after Dbrand makes racist comment on Indian customer [Update]
    Dbrand
    GTA 6 leaks: What we know so far about Grand Theft Auto 6
    GTA_6
    10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
    STScI-01HFQ5YXZ04PF608HQB0KRTF3S
    Google Vids- All details about this new AI video app and how to use it
    Google Vids
    Apple iPhone 13 available at discounted price of Rs. 52,990 on Amazon- Check details
    iPhone 13

    Trending Gadgets

    Mobiles Laptops Tablets