An individual from the U.S. Navy’s red team has released TeamsPhisher, which takes advantage of an unresolved security vulnerability in Microsoft Teams.
This tool allows bypassing the restrictions imposed on incoming files from external users, known as external tenants, by exploiting a flaw previously identified by Max Corbridge and Tom Ellson from the UK-based security services company Jumpsec. Corbridge and Ellson explained how attackers could easily evade Microsoft Teams’ file-sending limitations and deliver malware from an external account.
TeamsPhisher accomplishes this by exploiting client-side protections within the application that can be deceived into treating an external user as an internal one by modifying the ID in the POST request of a message. To execute the attack, TeamsPhisher first verifies that the target user exists and can receive external messages, which is necessary for the attack to succeed.
Read More: New tool exploits Microsoft Teams bug to send malware to users
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.