The disclosed flaw is a worm-like vulnerability that allows criminals to take over an organization’s entire roster of Teams accounts just by sending victims a malicious link to an innocent-looking GIF image.

Even if a criminal doesn’t have sensitive information from a Teams account, the flaw can be used to spread across the organization’s accounts just like a worm, obtaining each account’s tokens and then accessing all the chat sessions of the target users.

Figure 1 below demonstrates how this attack can be executed against a large company.

Figure 1: Microsoft Teams attack workflow

In detail, the attack can be carried out through the following steps:

- A malicious GIF image is prepared by criminals and sent to a first victim via chat during a videoconference.