Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux built using Microsoft's Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since an exploit would also require network access.

According to Vectra, a hacker with local or remote system access could steal the credentials for any Teams user currently online, then impersonate them even when they're offline. They could also pretend to be the user through apps associated with Teams, like Skype or Outlook, while bypassing the multifactor authentication (MFA) usually required.

"This enables attackers to modify SharePoint files, Outlook mail and calendars, and Teams chat files," Vectra security architect Connor Peoples wrote. "Even more damaging, attackers can tamper with legitimate communications within an organization by selectively destroying, exfiltrating, or engaging in targeted phishing attacks."

Vectra created a proof-of-concept exploit that allowed them to send a message to the account of the credential holder via an access token. "Assuming full control of critical seats - like a company's Head of Engineering, CEO, or CFO - attackers can convince users to perform tasks damaging to the organization."

The problem is mainly limited to the desktop app, because the Electron framework (that essentially creates a web app port) has "no additional security controls to protect cookie data," unlike modern web browsers.

When informed by cybersecurity news site Dark Reading of the vulnerability, Microsoft said it "does not meet our bar for immediate servicing as it requires an attacker to first gain access to a target network," adding that it would consider addressing it in a future product release. However, threat hunter John Bambenek told Dark Reading it could provide a secondary means for "lateral movement" in the event of a network breach. As such, Vectra recommends not using the desktop app until a patch is created, and using the web application instead.