Microsoft Teams users are urged to update to the latest version of the software to protect against the vulnerability. More technical details about the bug and a proof of concept can be found in the blog post. Open Microsoft folder, right-click on Teams folder and select Delete. This will take you to a hidden folder named AppData that contains data files for installed applications or services in Windows 10. However, Grant pointed out, the malicious actor would have to be a member of the Microsoft Teams organization that they are attacking, meaning it would only work in the context of an insider threat attack. Press Windows + R keys on your keyboard to open Run dialog box. “Despite the simplicity of the bug, the attack itself is fairly complicated and requires a working knowledge of the Microsoft Power Apps and Power Automation features.” “Furthermore, the attacker could disguise themselves as the victim and send emails and messages on their behalf, potentially allowing them to conduct further social engineering attacks within the organization,” added Grant. Read more of the latest security vulnerability news In an unpatched version of Teams, an actor could set up a malicious tab which, when opened by the victim, would allow them access to their private documents and communications. If that user is part of an Office 365/Teams organization with a Business Basic license or above, they also have access to a set of Teams tabs which consist of Microsoft Power Apps applications, the blog post explains. Finally, click on your current status below your name and choose available from the list. Log into your account by entering your username and password. In our case, we will be using the web version. Microsoft Teams has a default feature that allows a user to launch small applications (or applets) as a tab in any team they are part of. Open your Microsoft Teams app or use the web version. The attack relies on a vulnerability in the Microsoft Power Apps tab. It was discovered by Evan Grant, staff research engineer at Tenable, who detailed the security issue in a blog post released today (June 15). The bug, which has now been patched, allowed an attacker to steal a victim’s emails, Teams messages, and OneDrive files, as well as send emails and messages on their behalf. Security bug in the popular workspace app has been patchedĪ vulnerability in Microsoft Teams could allow a malicious actor to steal sensitive data and access a victim’s communications, researchers have warned.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |