Your Whole Company’s Microsoft Teams Data Could’ve Been Stolen With An ‘Evil GIF’

Microsoft Teams contained a vulnerability that could've allowed customer data theft before it was patched. (Photo Illustration by Jakub Porzycki/NurPhoto via Getty Images)



Tech giants are fighting to become the de facto videoconferencing tool for remote workers in the time of COVID-19. Zoom rose to the top fast but, thanks to various security and privacy issues, was pegged back by competitors. Rivals have their flaws too, as evidenced by a weakness in Microsoft’s collaboration and videoconferencing tool Teams, revealed on Monday.


For at least three weeks from the end of February till mid-March, a malicious GIF could’ve stolen user data from Microsoft Teams accounts, possibly across an entire company, and taken control of “an organization’s entire roster of Teams accounts,” cybersecurity researchers have warned.


The relevant vulnerability was patched on April 20th, meaning users are now safe from this specific attack. But it goes to show that it isn’t just Zoom that’s exposed to potentially cataclysmic flaws. Other videoconferencing tools that have become hugely popular among populations in COVID-19 lockdown can and will be targeted too.


What’s this Evil GIF?


The vulnerability affected every Microsoft Teams version for desktop and web browser. The problem lay in the way Microsoft was handling authentication tokens for viewing images in Teams. Think of those tokens as files that prove a legitimate user is accessing the Teams account. Those tokens are handled by Microsoft at i ..
