Microsoft Teams: Very Bad Tabs Could Have Led to BEC
#1
Information 
Quote:Attackers could have stepped through a yawning security hole in the Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee, by reading and sending email on their behalf.

On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microsoft Power Apps: A platform for low-code/no-code rapid app development.
 
Exploitation would require a lot of moving parts. But the bug is a simple one, having to do with insufficient input validation, and it packs a nasty punch. Grant said that the vulnerability could have been leveraged to establish persistent read/write access to a victim’s Microsoft bubble, including email, Teams chats, OneDrive, Sharepoint and a variety of other services.
 
Such attacks could be carried out via a malicious Microsoft Teams tab and Power Automate flows, Grant explained. Microsoft has since fixed the bug, but Grant’s post analyzed how it might have been exploited.

Read more: Microsoft Teams: Very Bad Tabs Could Have Led to BEC | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>