{"id":36,"date":"2020-05-06T12:40:21","date_gmt":"2020-05-06T12:40:21","guid":{"rendered":"https:\/\/www.solutionsunlimitedsc.com\/blog\/?p=36"},"modified":"2020-11-06T13:06:20","modified_gmt":"2020-11-06T13:06:20","slug":"microsoft-teams-vulnerability-patched-could-lead-to-account-takeover","status":"publish","type":"post","link":"https:\/\/www.solutionsunlimitedsc.com\/blog\/microsoft-teams-vulnerability-patched-could-lead-to-account-takeover\/","title":{"rendered":"Microsoft Teams vulnerability patched, could lead to account takeover"},"content":{"rendered":"<p>Microsoft\u2019s Teams collaboration platform contained a vulnerability, now patched, that could be exploited with a malicious GIF, enabling an attacker to take over a company\u2019s Teams accounts.<\/p>\n<p>The issue resided in two Teams sub-domains that were vulnerable to takeover, aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com, said\u00a0<a href=\"https:\/\/www.cyberark.com\/threat-research-blog\/wild-temporary-tokens-and-where-to-find-them-aws-edition\/\">Cyberark<\/a>\u00a0researchers. Once a sub-domain was taken over, the attacker could obtain a valid certificate for it, which eventually allowed the threat actor to access a company\u2019s Teams account base, scrape data or take over accounts.<\/p>\n<p>\u201cIf an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim\u2019s browser will send this cookie to the attacker\u2019s server and the attacker (after receiving the authtoken) can create a skype token. After doing all of this, the attacker can steal the victim\u2019s Teams account data,\u201d the researchers said.<\/p>\n<p>Cyberark notified Microsoft of the issue and a patch has been issued.<\/p>\n<p>The trick an attacker can use is a malicious GIF, as opposed to a plain link, which many people now know not to click on. The attack starts by sending the victim an image via Teams chat whose \u201csrc\u201d attribute points at the compromised sub-domain. 
When the target opens the message, the victim\u2019s browser tries to load the image and, in doing so, sends the authtoken cookie to the compromised sub-domain and thus to the attacker controlling it. The browser does this because the cookie is scoped to the parent teams.microsoft.com domain, so any host under it, including a dangling test sub-domain, receives it automatically; the victim does not have to click anything. Ultimately this gives the attacker a pathway to scrape all of the victim\u2019s data.<\/p>\n<p>Original article here &#8211; https:\/\/www.scmagazine.com\/home\/security-news\/vulnerabilities\/microsoft-teams-vulnerability-patched-could-lead-to-account-takeover\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft\u2019s Teams collaboration platform contained a vulnerability, now patched, that could be exploited with a malicious GIF, enabling an attacker to take over a company\u2019s Teams accounts. The issue resided in two Teams sub-domains that were vulnerable to takeover, aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com, said\u00a0Cyberark\u00a0researchers. Once a sub-domain was taken over, the attacker could obtain a valid certificate [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/posts\/36","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/comments?post=36"}],"version-histor
y":[{"count":1,"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/posts\/36\/revisions"}],"predecessor-version":[{"id":37,"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/posts\/36\/revisions\/37"}],"wp:attachment":[{"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/media?parent=36"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/categories?post=36"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.solutionsunlimitedsc.com\/blog\/wp-json\/wp\/v2\/tags?post=36"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
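The post describes the chain (taken-over sub-domain, image tag pointing at it, authtoken cookie sent by the browser) but not the browser rule that makes it work. The following is an added example, not code from the post or from CyberArk's research: it implements the RFC 6265 cookie domain-match and send rules and shows that a cookie scoped with Domain=.teams.microsoft.com is attached to an image request for either dangling sub-domain named in the post, whereas a host-only cookie (no Domain attribute) is not. The Set-Cookie header strings, the token value, the image URLs and the attacker host are constructed for the example; only the two sub-domain names come from the post.

```python
"""Why a sub-domain takeover leaks a parent-domain cookie (added example).

Implements the user-agent rules from RFC 6265 (domain-match, cookie
storage and the "send this cookie?" decision) and applies them to the
two dangling Teams sub-domains named in the post.  All header values,
token values and URLs below are constructed for this illustration.
"""
from dataclasses import dataclass
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match: the host itself or any sub-domain of it."""
    host = request_host.lower()
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


@dataclass(frozen=True)
class StoredCookie:
    name: str
    value: str
    domain: str      # effective domain, without leading dot
    host_only: bool  # True when Set-Cookie carried no Domain attribute
    secure: bool


def store_cookie(set_cookie_header: str, response_host: str) -> StoredCookie:
    """Store one Set-Cookie header the way a browser does (RFC 6265 section 5.3)."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    (name, morsel), = jar.items()
    domain_attr = morsel["domain"].lstrip(".").lower()
    secure = bool(morsel["secure"])
    if not domain_attr:
        # No Domain attribute: host-only cookie, bound to the responding host.
        return StoredCookie(name, morsel.value, response_host.lower(), True, secure)
    if not domain_matches(response_host, domain_attr):
        raise ValueError("Domain attribute does not cover the responding host; cookie rejected")
    # Domain attribute present: cookie is shared with every host under that domain.
    return StoredCookie(name, morsel.value, domain_attr, False, secure)


def would_send(cookie: StoredCookie, url: str) -> bool:
    """Would a browser attach `cookie` to a request for `url`? (RFC 6265 section 5.4)"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if cookie.host_only:
        host_ok = host == cookie.domain
    else:
        host_ok = domain_matches(host, cookie.domain)
    if not host_ok:
        return False
    # The Secure flag only blocks plaintext transport; it does not limit hosts.
    if cookie.secure and parts.scheme != "https":
        return False
    return True


def hosts_receiving(cookie: StoredCookie, image_urls: list[str]) -> list[str]:
    """Hosts among a set of <img src> URLs that would be handed the cookie."""
    return sorted({urlsplit(u).hostname for u in image_urls if would_send(cookie, u)})


# Constructed inputs for the demonstration.
TEAMS_HOST = "teams.microsoft.com"
# The two dangling sub-domains named in the post, plus an unrelated attacker host
# (hypothetical) that is outside the cookie's domain.
IMAGE_URLS = [
    "https://aadsync-test.teams.microsoft.com/pixel.gif",
    "https://data-dev.teams.microsoft.com/pixel.gif",
    "https://attacker.example/pixel.gif",
]
# Domain-scoped cookie: the shape that makes the chain in the post work.
WIDE_COOKIE = store_cookie(
    "authtoken=REDACTED_TOKEN; Domain=.teams.microsoft.com; Path=/; Secure; HttpOnly",
    TEAMS_HOST,
)
# Host-only cookie (same token, no Domain attribute): stays on teams.microsoft.com.
HOST_ONLY_COOKIE = store_cookie(
    "authtoken=REDACTED_TOKEN; Path=/; Secure; HttpOnly",
    TEAMS_HOST,
)

if __name__ == "__main__":
    print("domain-scoped cookie sent to:", hosts_receiving(WIDE_COOKIE, IMAGE_URLS))
    print("host-only cookie sent to:    ", hosts_receiving(HOST_ONLY_COOKIE, IMAGE_URLS))
```

Two things worth noting from the output: the Secure and HttpOnly flags do nothing against this leak, because the image request is an ordinary HTTPS fetch made by the browser itself, and the only cookie setting that stops it is not sharing the cookie across the parent domain in the first place. Any sub-domain that falls out of use but still resolves therefore inherits the full trust of the cookie, which is why dangling DNS records under an authenticating domain are the real defect here.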