Microsoft Teams Successfully Neutralized Malicious GIF Attack

What if a seemingly harmless animated GIF image suddenly snatches your Microsoft Teams account and other sensitive information stored within? What if using the same image that you inadvertently open, the attacker can take over your business and even attack other accounts to which your account is connected? This apparently unbelievable case of internet hacking has actually occurred and—fortunately—successfully intercepted and neutralized by Microsoft in collaboration with CyberArk, the team of researchers that discovered it.

The Vulnerable Data

Full disclosure of the attack is revealed by CyberArk security researchers on March 23, 2020. The attack comes out in the form of a subdomain takeover whereby Microsoft Teams users who can be forced to send a token (cookies) to the compromised subdomains may render their confidential data vulnerable to stealing and hacking. These data may include passwords, private information, calendar reminders and scheduled meetings, business plans, business competition information, and other confidential data.

Subdomain Takeover Attack

This attack stems from Microsoft’s method in managing the sharing of data across different Microsoft Teams platforms and servers. Whenever users access their Microsoft Teams account and open an application, the platform will create a temporary access token and authenticate it. Supported services, such as Microsoft Outlook and SharePoint, will also create similar tokens.

Every content that is shared on the platform is protected by permission restriction so that only eligible parties can access it. Microsoft restricts its permission by using two cookies, “authtoken” and “skypetoken_asm.” The Skype token is then sent to Microsoft Teams’ website and its subdomains. Two subdomains, i.e. addsync-test.teams.microsoft.com and data-dev.teams.microsoft.com, are proven to be vulnerable to subdomain takeover attack.

The domino effect commences when the subdomains are taken over by an attacker. The automatically generated authtoken will be sent to the compromised subdomains. The attacker, who has received the authtoken, can generate a skype token that they can use to sneak into the victim’s Microsoft Teams account and to steal every piece of vulnerable information. With the acquired authtoken, the attacker can also perform various administrative tasks within the victim’s Microsoft Teams account, including reading and sending messages, create new groups, add new users and remove users from groups, and alter groups’ permissions.

In short, with the automatically generated authtoken, the attacker can practically take over the victim’s Microsoft Teams account and all the functions and data within.

How Does the Attack Occur?

The attack starts with the attacker sending a malicious GIF image to a victim through the latter’s Microsoft Teams platform. This is done after the attacker successfully takes over the vulnerable Microsoft Teams’ subdomains. The victim will less likely be suspicious about the received image because it is sent from within the platform after the subdomain takeover completes. The authtoken is generated and sent to the compromised subdomains when the victim opens the image and right before the image loads on the browser.

The victim only needs to open the attached image for the attack to succeed!

What If There Is Nothing to Steal?

Even if the attacker finds nothing of value when successfully sneaking into the victim’s Microsoft Teams account, the attack can still be dangerous for other accounts that happen to be connected to the victim’s account. The attack will navigate across different accounts like a worm and do more serious damages that can be beyond repair.

If the victim’s account is connected to a company account, the attacker can exploit this vulnerability to spread false information, to give fake instruction from the company’s authorities to the employees, and to do malicious actions that may lead to financial problems, data stealing, and business collapse.

Why Does the Attack Matter, Especially Today?

Microsoft Teams has long become a collaborative platform for both individuals and companies. Any undetected vulnerabilities on this platform will certainly become dangerous risks for all users. These risks are serious now and ever, so why it becomes even more serious today?

Companies are forcing their staff to work from home as Covid 19 strikes. When virtually everyone works at home, online collaborative platforms like Microsoft Teams become the primary hubs for various business interactions, transactions, and competitions. Attacks that occur there can lead to truly grave situations when the world’s economy practically runs on such platforms.

CyberArk security researchers reported their findings to Microsoft after discovering it on March 23. They subsequently worked with Microsoft Security Research Center to take the necessary measures to mitigate the potential attack. Microsoft immediately removed the misconfigured DNS as a part of the mitigation effort and released a patch to deal with the newly discovered vulnerability.

Mysterious Samsung Pop-Up Selfie Camera Phone with Triple Rear Cameras

Good news for everyone who is looking for a high-tech selfie camera phone to take pictures like a pro! Samsung is reported to working on a pop-up selfie camera phone completed with three rear cameras, much for your pleasure. This is one of the most anticipated products that selfie camera phone addicts are waiting for this year. However, the development of this camera phone hasn’t been confirmed yet so far from the giant tech company. Curios of how the mysterious pop-up camera phone probably like like? This page will give you a sneak peek of the device. Check this out!

The First Time in Samsung’s History

Once the product is launched to the public, this will become the first time for Samsung to introduce its pop-up selfie camera. It is been reported that the company is developing the phone and make its fans so excited to get the first glimpse of the device. Since the work is not confirmed yet, people can only guess when it will be launched to market. What makes it more mysterious is that Samsung does not highlight the name of the product either. However, rumors indicate that this highly anticipated pop-up camera selfie phone will be a part of the “Galaxy A” series. Samsung’s coverage of this product doesn’t stop here either. The company also refuses to reveal the pricing as well as under-the-hood features of the smartphone to the public. The only thing that the public learns so far is that the selfie camera phone is shown in a luxurious black color option. So, keep calm since you will not be the only one to curious about the smartphone. Just take a pinch of salt from the information or rumors since the camera development hasn’t been confirmed yet. However, more details are expected to be shared by the South Korean tech giant in the coming weeks. 

Armored with Triple Rear Cameras

Rumors spread out there say that the smartphone will come with a pop-up selfie camera. As reported by Pigtou in collaboration with OnLeaks, it is claimed that the device will be armored with three cameras placed on the back. As of the pop-up selfie camera, the tool will be positioned towards the camera phone’s top-left side according to the alleged renders published on their websites. If the rumors are true, then the selfie camera phone will look like OnePlus 7T Pro and OnePlus 7 Pro. But, again, the reports by Pigtou and OnLeaks do not reveal the detailed information of the smartphone’s camera. If you recall, you might remember that this is not the first time Samsung is reported to be working on a smartphone with a pop-up selfie camera. It was just last year when the tech giant was rumored to introduce their pop-up functionality to their worldwide fans. This should have come along with the Samsung Galaxy A90 series. But the rumors have not been proved at all. Instead, at the end of 2019, the tech giant company launched its Samsung Galaxy A90 5G. In contrast to people’s belief, there is no pop-camera nor a waterdrop-notch found in the smartphone. Not only that but back to April 2019, this South Korean company launched its Galaxy A80. The smartphone itself comes with a rotating camera. The tool allows the phone to have nearly a bezel-less display experience. Once again, none of the rumors last year were found true. However, the rumors of this latest mysterious pop-up selfie camera phone might result in the biggest hysteria since it is the first time for the company to launch such a product. 

How Will the Phone Look Like?

Just like mentioned above, the mysterious pop-up selfie camera phone of Samsung is available in black color option. At least, that what’s the rumors say so far. The elegant black color itself is completed with thin bezels. Additionally, the upcoming pop-up selfie camera phone also has slightly curved edges, adding a luxurious touch to the device. Aside from the pop-up camera and triple rear cameras, there is a fingerprint sensor mounted on the back part of the smartphone. Exploring the look of the smartphone further, you will also find a USB Type-C port placed at the bottom. The port is also completed with a mic to its right. Meanwhile, the speaker grille is attached to the left of the USB Type-C port. The reports also state that the pop-up selfie camera of Samsung comes with a screen display of 6.5 inches. Well, while rumors will just be rumors, you are advised to wait patiently for them to be true. Hopefully, it will not take more than just a couple of weeks!

Shopify Email – a Revolutionary Marketing Tool for All Merchants

With this Covid-19 pandemic all around us and without knowing when to end, running a business becomes more challenging. With millions of people lose jobs and uncertainty in the economy, many businesses are now at risk and potentially lose customers. In this way, new marketing strategies are needed for businesses to survive. This is how Shopify Email will be a great solution you need to put into consideration. Find out everything you need to know about the revolutionary marketing tool that is now available for all merchants. 

Shopify Email – What Is It?

Shopify Email is a fresh, effective, and revolutionary platform created by Shopify. The company has recently launched the platform, right amid the coronavirus pandemic. This is a tool needed by all Shopify merchants to renew their marketing strategy to achieve goals. Shopify Email is specially designed to make it possible for all merchants who join Shopify to establish more meaningful and stronger relationships with their customers. From now on until October 1, 2020, the merchants can enjoy the platform for free. Right after this date, the first 2,500 emails delivered a month could be enjoyed freely by the merchants. However, you will be required to pay $1 for every 1,000 emails sent if the amount of the emails is more than 2,500. This is such a good offer and can save the budget for your marketing strategy as every penny is valuable now. 

Why Shopify Email?

Shopify Email will be a perfect marketing tool to help you grow business for many good reasons. It is practical, effective, money-saving, and will allow you to reach a lot of customers in time. Here is a list of how Shopify Email will be very beneficial the most for your business growth. 

·        Supporting the Businesses Amid Lockdown

The timing of Shopify Email launched has been carefully calculated to support Shopify merchants grow their businesses during coronavirus pandemic. This is what you need when people’s movements are limited. With many people are working from home now and not being able to go anywhere, emails grow more important for businesses. It will help you communicate and retain a good relationship with customers when they are being lockdown and must stay at home for the foreseeable time. With the platform, you can send professional Shopify Emails for free to your customers. This will also make it possible for you to maintain both professional and loyal relationships with your customers through email communication. 

·        Renew Your Marketing Strategies

The fast spread of the Covid-19 pandemic that forces people to stay at home for a long time, making business owners and retailers need to rethink their marketing strategy and renew it. They need to think about creative ways to keep engaged with their customers and maintain good relationships. With the lockdown, people now depend on online communication. This is how Shopify Email will be a valuable assistance for you to reach your customers and keep the business running during this testing time. You need to keep in mind that this platform is specially designed for efficiency and speed, things needed most in online communication. Shopify Email will allow you to send branded emails to your sellers simply by using a few clicks. Additionally, there are ready-made email templates that will make your emails look more professional and credible. Things like company logo, images, products, descriptions, and prices are automatically included in the templates, making it easier to create your emails.

·        Communicating Critical Messages and Information

Another reason you should use this Shopify Email is that the platform enables you to communicate important information in much easier and more convenient ways. This could be everything from the latest products available or discount programs to updates about delivery and pickup information. Another major plus about this Shopify Email is that you can track the results of the email campaigns by using an analytical dashboard available in the platform. In this way, you can find out what’s needed to maintain, improve, or even eliminate certain things in your marketing strategy to make it more effective.

·        Keep You Professional

Last but not least, Shopify Email will help you maintain professional email campaigns to achieve your marketing goals. By launching the platform during the pandemic of Covid-19, Shopify Email shows that email marketing is important. Not only that but it is now also seen as one of the perfect solutions that marketing strategies can offer for businesses to thrive. When most people are isolated now, maintaining good communication with your customers through professional and effective email campaigns is a wise strategy to take.