Late last month, a Teams vulnerability was described by researchers at JUMPSEC. The vulnerability allows adversaries to bypass security controls that prevent external users from sending files (including malicious files) to users inside your organization. While Microsoft has verified the vulnerability, they’ve stated it doesn’t “meet the bar for immediate servicing.” Fast forward to this week, and a new tool called TeamsPhisher was published to GitHub on July 3 by Octoberfest7 (Alex Reid, a US Navy Red Team technical lead). TeamsPhisher builds on JUMPSEC’s Teams findings by facilitating the sending of malicious files outside of one’s own M365 tenant.