Microsoft Teams: Very Bad Tabs Could Have Led to BEC
#1
Information 
Quote:Attackers could have stepped through a yawning security hole in the Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee, by reading and sending email on their behalf.

On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microsoft Power Apps: A platform for low-code/no-code rapid app development.
 
Exploitation would require a lot of moving parts. But the bug is a simple one, having to do with insufficient input validation, and it packs a nasty punch. Grant said that the vulnerability could have been leveraged to establish persistent read/write access to a victim’s Microsoft bubble, including email, Teams chats, OneDrive, Sharepoint and a variety of other services.
 
Such attacks could be carried out via a malicious Microsoft Teams tab and Power Automate flows, Grant explained. Microsoft has since fixed the bug, but Grant’s post analyzed how it might have been exploited.

Read more: Microsoft Teams: Very Bad Tabs Could Have Led to BEC | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Kali Linux 2026.2 Released With 9 New To...
Offensive Security...harlan4096 — 08:28
INTEL Arc Graphics 32.0.101.8860 driver
INTEL Arc Graphics...harlan4096 — 08:19
Thunderbird 152.0.1 & Thunderbird 140.12...
Thunderbird 152.0....harlan4096 — 07:59
ESET 19.2.7.0
Changes in 19.2.7....harlan4096 — 07:45
Mozilla Firefox Browser 152.0.4
Mozilla Firefox Br...harlan4096 — 07:44

[-]
Birthdays
Today's Birthdays
avatar (41)optsaZes
avatar (40)RaymondViata
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>