Is It Possible To Exploit User Data Via GIFs? That's What Happened To A Microsoft App
Anil - Apr 30, 2020
Private data exploited through Microsoft Teams includes secret information, passwords, business plans, and so on.
- Microsoft Surface: A Shift from Innovation to Stability?
- Looking For A Rechargeable Wireless Mouse? Check Out This List
- Microsoft Wants To Resurrect The Dead And Let Them Talk To Their Loved Ones
Together with many video conferencing apps, Microsoft Teams has witnessed phenomenal growth in popularity during the COVID-19 pandemic and resultant work-from-home policies. However, they have had to cope with new difficulties, especially privacy concerns, which could become a huge threat for corporates.
Last month, security researchers at CyberArk discovered a flaw in both desktop and web browser versions of Microsoft Teams Surprisingly, the affected account and its related computer’s data were nearly at risk because of a … GIF.
As it turned out, when the user saw a particular GIF that had been sent to them, the hacker behind the background could utilize a compromised subdomain to steal security tokens and exploit the database of that user.
This vulnerability is undoubtedly severe because it can spread far and wide with no need for manual interference. According to CyberArk, in the end, the hacker could gain access to all of your private data through your Teams accounts, which include secret information, competitive data, passwords, business plans, and so on.
Moreover, the situation may get worse if this security flaw was exploited to send false information to employees under the name of a company’s honorable leadership, causing the following damages such as financial crisis, confusion, data leakage, etc.
It seems that those companies using their exclusive Teams account for internal communication might reduce the possibility of that security flaw; however, as explained by CyberArk, a simple invitation to a conference call with an outsider can put your account at a high level of risk.
Fortunately, after the flaw had been reported to Microsoft on 23rd March, it was addressed and fixed in the latest update on 20th April. It was the result of a collaboration between CyberArk and Microsoft Security Research Center under Coordinated Vulnerability Disclosure, which received a lot of tremendous compliments. Until now, no account has been recorded to have been compromised by cybercriminals.
Featured Stories
ICT News - Feb 26, 2025
Elon Musk's Federal Workforce Overhaul: AI Takes the Helm
ICT News - Feb 26, 2025
Will AI Kill Coding Jobs? The Truth Might Surprise You
ICT News - Feb 25, 2025
Not Radiation: What Is Causing the Strange Genetic Evolution of Chernobyl’s Dogs?
ICT News - Feb 25, 2025
Google to Phase Out SMS-Based Authentication Codes
ICT News - May 17, 2022
3 Reasons your privacy gets compromised online
ICT News - May 11, 2022
Apple Devices For Sale
ICT News - Apr 12, 2022
Pin-Up Review India 2022
ICT News - Mar 29, 2022
Choosing between a shared and a dedicated server for gaming
ICT News - Mar 18, 2022
How The Internet Came Into Being
ICT News - Mar 17, 2022
The Best Gaming Tech of 2022
Read more
Mobile- 22 hours ago
How to Fake GPS Location on iPhone or Android
If you’re looking for the best fake GPS app for Android or a reliable fake GPS for iPhone, MagFone Location Changer is a top choice. It provides one-click location spoofing, route simulation, and works seamlessly with popular apps.
Gadgets- 1 hour ago
Steam Deck VS ROG Ally, Which is the Better Handheld PC?
For the price, you really can’t beat the Steam Deck. But to get the top graphics, you need to buy the ROG ally.
How To- Mar 31, 2025
Elevate Your Online Presence: Partnering with a Small Business Digital Marketing Agency
In today's digital age, establishing a robust online presence is imperative for the success of any small business.
0 Comments
Sort by Newest | Popular