Poważna luka w Microsoft Teams

Nie ma dowodów, że błąd został wykorzystany przez przestępców - twierdzi koncern.

Rosnąca popularność narzędzi do komunikacji nie umknęła uwadze hakerów. Niedawno głośno było o problemach Zooma, a miesiąc temu badacze z CyberArk wykryli poważną lukę w oprogramowaniu Microsoft Teams. Napastnicy za pomocą spreparowanego GIF-a mogli wykraść dane użytkownika aplikacji, a następnie przejąć kontrolę nad wszystkimi kontami pozostałych członków zespołu pracujących z Microsoft Teams.

Użytkownicy nawet nie musieli udostępniać niebezpiecznego GIF-a, wystarczyło go wyświetlić poprzez Microsoft Teams, po czym złośliwy obrazek automatycznie rozprzestrzeniał się po sieci.

Atak w tej formie pozwalał cyberprzestępcy zyskać dostęp do wszystkich danych z kont użytkowników „teamsów” (kalendarze, hasła, biznesplany itd.).

Podatność na ataki wiązała się ze sposobem w jaki sposób Microsoft obsługiwał tokeny uwierzytelniające do przeglądania obrazów w Teams. Tokeny były na serwerze pod adresem teams.microsoft.com lub dowolną subdomeną. CyberArk zauważył, że możliwe było przejęcie dwóch z tych subdomen – aadsync-test.teams.microsoft.com i data-dev.teams.microsoft.com – w ramach ataku.

Badacze odkryli, że jeśli hakerowi udałoby się zmusić potencjalną ofiarę do odwiedzenia przechwyconych subdomen, tokeny uwierzytelniające zostałyby przekazane na serwer napastnika. To z kolei pozwalałoby utworzyć kolejny token o nazwie „skype”, który otwierał dostęp do konta ofiary.

"To wyjątkowo groźna forma ataku. Sam fakt, iż samo wyświetlenie obrazka infekuje konto użytkownika Microsoft Teams, budzi poważny niepokój. Również sposób i tempo rozsiewania złośliwego GIF-a na inne firmowe konta znacznie ułatwia przejęcie kontroli nad członkami zespołu" – mówi Mariusz Politowicz z firmy Marken dystrybutora rozwiązań Bitdefender w Polsce.

"Ten przypadek pokazuje, że firmy muszą kontrolować subdomeny. Czasami są one tworzone w celach testowych lub krótkich kampanii marketingowych. Należy się upewnić, że nie zostaną wykorzystane później do niecnych celów" – tłumaczy Mariusz Politowicz.

CyberArk poinformował Microsoft o istnieniu luki 23 marca. W ciągu miesiąca koncern wprowadził niezbędne poprawki. Twierdzi, iż nie ma żadnych dowodów na to, że luka ta została wykorzystana przez przestępców.

Microsoft Teams w ciągu jednego tygodnia w marcu br., gdy wprowadzono blokady w gospodarce związane z koronawirusem, odnotował wzrost liczy dziennych użytkowników z 32 mln do 44 mln.

Podobne aktualności

Deprecated: Creation of dynamic property Timber\Image::$image_meta is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$_wp_attachment_metadata is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$_wp_attachment_image_alt is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_date_gmt is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$comment_status is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$ping_status is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_password is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_name is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$to_ping is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$pinged is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_modified is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_modified_gmt is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_content_filtered is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$guid is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$menu_order is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_mime_type is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$comment_count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$image_meta is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$_wp_attachment_metadata is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$_wp_attachment_image_alt is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_date_gmt is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$comment_status is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$ping_status is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_password is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_name is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$to_ping is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$pinged is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_modified is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_modified_gmt is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_content_filtered is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$guid is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$menu_order is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$post_mime_type is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$comment_count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Image::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Autor: Krzysztof Pasławski | Dodano: 2022-11-14 13:20

Pięciu cyfrowych gigantów straciło na wartości blisko 4 biliony dolarów

Kapitał ucieka z największych firm z branży.

Deprecated: Creation of dynamic property Timber\Term::$term_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$slug is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_group is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_taxonomy_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$parent is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$slug is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_group is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_taxonomy_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$parent is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$slug is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_group is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_taxonomy_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$parent is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$slug is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_group is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_taxonomy_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$parent is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$slug is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_group is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_taxonomy_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$parent is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$slug is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_group is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$term_taxonomy_id is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$parent is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$count is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71

Deprecated: Creation of dynamic property Timber\Term::$filter is deprecated in /home/sarotaq/crn/wp-content/plugins/timber-library/lib/Core.php on line 71
alphabet amazon apple google Meta microsoft