Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could of allowed an inside attacker to weaponized a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply involved tricking a victim into viewing a malicious GIF image for it to work, according to researchers at CyberArk who also created a proof-of-concept (PoC) of the attack.
Read full article on Threat Post