Microsoft GIFshell recommendations and the Rockstar hack

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.

This week I will ignore the Uber hack completely, because that's how badass I am.

In this weeks edition:

🐢 The Microsoft GIFshell attack, and why you should care🤘🏻 Rockstar got hacked, a possible GTA VI leak🔥 the quick and dirty

Reading time: 03:03

The Microsoft GIFshell attack, and why you should care

I know I know, you subribe to this newsletter for the latest and greatest in security and tech news. And the GIFshell attack ain't new..

But! Will that stop me from posting this? It surely will not.Microsoft doesn't seem to be fixing the issue(s) anytime soon, so it's my duty to inform my loyal subscribers about this.

Beats talking 'bout a certain breach with a certain ride-hailing, food delivery company.

Either way. GIFshell!

Around the end of august, security researcher BobbyR published a fascinating piece of report dubbed "Microsoft Teams GIFshell".He talks about a weakness he found in Microsoft Teams, and how there are 7 different ways to exploit it.

7.. that's a lot. - title of my sex tape

I could go into detail, but there are way smarter people who are better at explaining this.What I will do, is list the things you can do to prevent it, or minimize the chance of occurrence at least.

🥉 Possibly not for anyone, but monitor your network for suspicious activity. The attack will send strange lookup requests to the Teams server.

🥈 By default, Teams has external access for users wide open. Turn this off. Meaning your users can connect anyone outside your organization, and they can connect to your users.You can manually add trusted domains as an admin.

🥇 Disable Train your users. While this may sound like advice you could give for nearly every security issue. It's because it is.Don't skimp on training, this should be top of every company's budget, only to be surpassed by good coffee.

If you're not sure how to get security into your company's budget, here are some tips:

Still won't convince me to start using Slack, though.

Rockstar got hacked, a possible GTA VI leak

Is it just me or do you guys also hate it when people type GTA 6 instead of GTA VI?

I mean, ok, the roman numerals aren't used anymore, but still it gives that feely feel to GTA.

Rockstar Games posted this last week:

Here's what went down:

• Teapotuberhacker made a post on GTAForums claiming he hacked Rockstar Games and was able to get a hold of video's from GTA VI. But more alarming: the source code of GTA V and VI.

• He quickly followed up with a screenshot of an extract of what appeared to be test data

• He said Rockstar Games should contact him to prevent further leaking

• On telegram, he made an interesting statement though:

Why would he not want to sell the GTA VI code? Maybe because he thinks/knows Rockstar will pay him the most?

I'm curious as to how this will play out, and hope this won't affect the launch date.

A sad sight to behold.Known for games like Grand Theft Auto and the Red Dead series, Rockstar has been a favorite of mine since GTA II.

Man, how many hours did I waste spend on that?

The quick and dirty

• Uber Breach 2022 – Everything You Need to Know - Oh yeah Uber got hacked, but if you hadn't heard by now, not even I can help you.

• Antimatter brings shitposting to the classroom teaching meme's, did I miss my calling?

• Meme of the week

Security like I'm five

Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam.In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical matter. Lot's of meme's too. Good stuff, good stuff.This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free.Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)