Geeks for your information
Microsoft Teams: Very Bad Tabs Could Have Led to BEC - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Microsoft Teams: Very Bad Tabs Could Have Led to BEC (/showthread.php?tid=15325)



Microsoft Teams: Very Bad Tabs Could Have Led to BEC - silversurfer - 15 June 21

Quote:Attackers could have stepped through a yawning security hole in the Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee, by reading and sending email on their behalf.

On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microsoft Power Apps: A platform for low-code/no-code rapid app development.
 
Exploitation would require a lot of moving parts. But the bug is a simple one, having to do with insufficient input validation, and it packs a nasty punch. Grant said that the vulnerability could have been leveraged to establish persistent read/write access to a victim’s Microsoft bubble, including email, Teams chats, OneDrive, Sharepoint and a variety of other services.
 
Such attacks could be carried out via a malicious Microsoft Teams tab and Power Automate flows, Grant explained. Microsoft has since fixed the bug, but Grant’s post analyzed how it might have been exploited.

Read more: Microsoft Teams: Very Bad Tabs Could Have Led to BEC | Threatpost