Hosted on MSN

Microsoft Teams Token Replay Attack: What Happened and Fixes

An existing dysfunction on the patient side of Microsoft Teams provided the opportunity for an adversary with local access to replay session tokens. Microsoft has patched this. This article will ...
Dark Reading

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Attackers who gain initial access to a victim's network now have another method of expanding their reach: using access tokens from other Microsoft Teams users to impersonate those employees and ...
Ars Technica

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars OpenForum

This is a known issue with OAuth and is how basically any electron app works. The tl;dr is if you're able to steal files "as the user" it's already game over. This is no different than stealing ...
Dark Reading

Microsoft Teams Features Amp Up Orgs' Cyberattack Exposure

Researchers have identified several ways hackers can leverage Microsoft Teams functionalities to phish users, or deliver malware directly to their computers without their knowing it. Using tabs in the ...
CSOonline

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

With organizations increasingly adopting cloud-based services and applications, especially collaboration tools, attackers have pivoted their attacks as well. Microsoft services consistently rank at ...
Infosecurity-magazine.com

Social Engineering Risks Found in Microsoft Teams

Several new ways of effectively abusing Microsoft Teams via social engineering have been discovered by security researchers at Proofpoint. “[We] recently analyzed over 450 million malicious sessions, ...
Ars Technica

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched

Microsoft’s Teams client stores users’ authentication tokens in an unprotected text format, potentially allowing attackers with local access to post messages and move laterally through an organization ...