Without getting into too many technical details, every time you open Teams, your client creates a new temporary token or access token. Given the prevalence of Teams in organizations of all sizes and the rise of its use (and that of other communications platforms like it), we wanted to dig in a bit deeper.ĭuring the research, we noticed something very interesting in the way Teams passes the authentication access token to image resources. One of the main benefits of Teams is that it provides first-party integration with a company’s Office 365 subscription and also features extensions that can integrate with non-Microsoft products. This vulnerability worked just that way and had the potential to take over an organization’s entire roster of Microsoft Teams accounts.įor those of you who are unfamiliar with Microsoft Teams, it’s a leading communication and collaboration platform combining persistent workplace chat, video meetings, file storage, collaboration on files and integration with applications. An attacker sends a GIF or an image to a victim and gets control over their account. The amount of data that goes into these applications is enormous and often includes confidential information from user names and passwords to top-secret business information – making them prime targets for attackers. Now, more than ever, these platforms are our “go-to” for almost everything from a simple chat with a team member to a company-wide all-hands meeting. These days everything is being done remotely – from job interviews to business meetings and even social gatherings. Teams, Slack or maybe Zoom? Which applications do you use? All are extremely popular with business users normally, but have been nothing short of essential during this “new norm” where businesses are working hard to stay connected to employees, customers and partners. CyberArk worked with Microsoft Security Research Center under Coordinated Vulnerability Disclosure after finding the account takeover vulnerability and a fix was quickly issued.This vulnerability would have affected every user who uses the Teams desktop or web browser version.Since users wouldn’t have to share the GIF – just see it – to be impacted, vulnerabilities like this have the ability to spread automatically.We found that by leveraging a subdomain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts.As more and more business is conducted from remote locations, attackers are focusing their efforts on exploiting the key technologies – like Zoom and Microsoft Teams – that companies and their employees depend on to stay connected.You can also send it directly to your friends through Messages, Mail, and other social media apps.
Scroll down and tap Save Image to save it to Photos or Save to Files to keep it in Files. If you want to save your GIF, tap the Share button.Tapping Done will allow you to exit the preview, but will not save your GIF. You’ll be shown a preview of your GIF.If you’re not happy with the result, you have to make a new one by running the shortcut again. Take note that once you hit Save, you can no longer undo the GIF. The yellow border surrounding the video timeline indicates the selected portion of your video timeline. You can choose a specific clip from the video by moving the sliders on either side of the video timeline. If this is your first time running the shortcut, a prompt will appear, asking for access to your photos.Once you have your video ready, follow these steps: If you don’t have videos yet, now is the time to take them. You can now proceed to make a GIF from your videos.
0 kommentar(er)
