This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story
 

06/28/2023

Microsoft Teams Attack Skips the Phish to Deliver Malware Directly

Dark Reading

Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization's employees, but no patch is imminent.

A bug in the latest version of Microsoft Teams allows for external sources to send files to an organization's employees even though the application typically blocks such activity, researchers have found. This give threat actors an alternative to complex and expensive phishing campaigns to deliver malware into target organizations — but Microsoft won't be addressing it as a priority.

Researchers Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec) from JUMPSEC Labs' Red Team discovered a way to exploit the Microsoft Teams External Tenants feature to slip malware into files sent to an organization's employees, thus bypassing nearly all modern anti-phishing protections, they revealed in a blog post published this week.
 
Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information