This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
04/30/2020
Microsoft Teams vulnerability patched, could lead to account takeover
SC Magazine
Microsoft’s Teams collaboration platform contains a vulnerability that can be exploited with a malicious GIF enabling an attacker to take over a company’s Teams accounts.
The issue resides in two Teams sub-domains that were vulnerable to takeover, aadsync-test.teams.microsoft.com and data-dev.teams.microsoft.com, said Cyberark researchers. Once taken over the attacker can use the sub-domain to obtain a legitimate certificate eventually allowing the threat actor to have access to a company’s Teams account base, scrape data or take over accounts.
“If an attacker can somehow force a user to visit the sub-domains that have been taken over, the victim’s browser will send this cookie to the attacker’s server and the attacker (after receiving the authtoken) can create a skype token. After doing all of this, the attacker can steal the victim’s Teams account data,” the researchers said.
Cyberark notified Microsoft of the issue and a patch has been issued
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information