Microsoft Teams Vulnerability Exploited To Deploy Malware

TeamsPhisher, a tool created by a member of the U.S. Navy's red team, exploits a security vulnerability in Microsoft Teams to bypass restrictions on incoming files from external users, known as external tenants. The tool takes advantage of a flaw previously highlighted by security experts from Jumpsec, enabling attackers to deliver malware through an external account by manipulating the message's ID in the POST request, tricking the client-side protections of the application into treating the external user as an internal one. Read more...