Wondering how that odd file ended up in Teams for you to download?
Security researchers at JUMPSEC Labs have uncovered a way to exploit the Microsoft Teams External Tenants feature. A bug in the latest version allows external sources to send files to an organization's employees even though the application is supposed to block such activity.
The default Microsoft Teams configuration allows users from outside the company to reach out to its employees but the ability for an external source to send a file via Teams is blocked. The bug discovered by the researchers allows an attacker to bypass the file block and send malware laden files.
Precautions:
Have staff treat files available via Teams just as they do email. If you are not expecting it, verify.
Don’t ignore “External” content banners
Be on the lookout for lookalike domains: myp1anningco.com vs myplamingco.com vs myplanningco.com. These can be particularly troublesome on smartphones.
Hope Microsoft releases a bug fix sooner than later and when they do, apply the patch ASAP.
Sources: JUMPSEC Labs, DarkReading
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.
Comments