Microsoft Announces Unified Teams App as Part of New Windows 11 Update - 1

Microsoft Announces Unified Teams App as Part of New Windows 11 Update

  • Written by Deep Shikha Content Writer
  • Fact-Checked by

On March 13, Microsoft announced a significant update to the Teams app, enabling users to switch between personal and work accounts. Currently available for testing via Windows 11 insider build , the new app will only be available as a preview for commercial users from April.

Microsoft intends to phase out the current free version of the app, with plans to officially release the unified app to the public later this year. This release will be included in an upcoming Windows 11 update, version 24H2. This unified app will not incur additional costs for free users as part of this update.

Once launched, users will be able to see and access different accounts by selecting their profile picture in the upper right. The consistent feedback from Microsoft Team’s personal and work users preferring a single app led to this integration. “This update lets you use one app for all Teams accounts,” Microsoft stated in a blog post .

In future updates, users will have the option to select the account type they want to use when joining a meeting link. The app will also allow them to join a meeting without signing in.

Microsoft stated that it intends to change how notifications are received for users with multiple profiles. “In addition, personal notifications have more details, giving clear and easy actions from the notification banner,” says Microsoft in the same blog post.

Currently, users need 2 separate apps: Microsoft Teams (free) and Microsoft Teams (work or school) for personal and work purposes. The unified app will continue to be called “Microsoft Teams (work or school)” for now, but its name will change to just “Microsoft Teams” in the upcoming versions.

ChatGPT Plugins Pose Security Risks: Researchers - 2

ChatGPT Plugins Pose Security Risks: Researchers

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by

API security enterprise Salt Security identified three types of flaws within ChatGPT plugins , according to its advisory published on March 13. The flawed plugins help ChatGPT interact with third-party platforms like GitHub, Salesforce, and Google Drive. They also help to intercept up-to-date information.

The first flaw was found within the plugin installation process, which allows hackers to trick potential victims into installing malicious plugins. Once installed, the hacker can easily exploit the plugin to intercept private chat messages, including credentials and other sensitive data.

The second flaw was found within plugins developed by PluginLab, a framework used to develop various ChatGPT plugins. The researchers used “AskTheCode,” which integrates ChatGPT with a user’s GitHub account. The vulnerability allows zero-click attacks, which basically means that hackers can easily seize accounts without any malicious link or user authentication codes.

The third flaw was related to OAuth redirection manipulation and affected several plugins. Here the researchers used the Charts plugin by Kesem AI. However, to exploit this flaw and successfully seize user accounts, a hacker would need to trick victims into clicking attacker-generated malicious links.

Upon discovery, Salt Security followed procedures and notified OpenAI and third-party vendors to mitigate the potential risks and remediate these flaws.

On top of this discovery, the research team at Offensive AI Institute at Israel’s Ben Gurion University published an advisory about another AI generative tool vulnerability. The researchers found a side channel in non-Google AI chatbots, including Microsoft Copilot.

When exploited, these side channels allow a malicious threat actor to intercept network traffic in real-time and capture private conversations between a user and the AI tool .

Generative AI tools are touted as technologies that significantly improve efficiencies in our daily lives, whether at a personal or enterprise level. Therefore, any vulnerability puts millions of organizations and individuals at risk worldwide.

“As more organizations leverage this type of technology, attackers are too pivoting their efforts, finding ways to exploit these tools and subsequently gain access to sensitive data,” Yaniv Balmas, vice president of research at Salt Security said in a press release.