In today's interconnected world, collaboration platforms like Microsoft Teams have become vital for remote work and team communication. However, a recent security issue has surfaced, exposing a vulnerability that could put businesses using this popular tool at risk. Let's delve into the problem, understand its implications, and explore potential solutions.
New Microsoft Teams Bug
A member of the U.S. Navy's red team has developed a tool called TeamsPhisher, shared on GitHub, that capitalises on an unresolved security flaw within Microsoft Teams. This vulnerability allows an attacker to bypass file-sending restrictions and deliver malware from an external account to users within an organisation.
The exploit stems from a client-side protection loophole that enables external users to be mistaken for internal users. By altering the ID in a POST request, attackers can deceive Microsoft Teams and circumvent its file-sending restrictions. This significant security flaw demands immediate attention and action from any organisation using Microsoft Teams.
Safeguarding Your Business
While awaiting Microsoft's resolution of the issue, it is crucial to take proactive steps to protect your business. Consider the following strategies:
1. Disable communications with external tenants
If your organisation does not need to communicate with external tenants, it's recommended to disable that communication altogether. By restricting interactions to trusted internal parties, you can mitigate the risk of exploitation.
2. Create an allow-list of trusted domains
Implementing an allow-list that specifies trusted domains can further reduce the chances of falling victim to this exploit. Limiting interactions to authorised sources ensures a more secure environment.
3. Promote cyber security awareness
Educate your teams about the risks associated with social engineering and phishing attacks. Encourage them to exercise caution when clicking on links, opening unknown files, or accepting file transfers. A well-informed workforce is your first line of defence.
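Strategies 1 and 2 map to the tenant's external access (federation) settings. The script below is an added example, not part of the original article or any vendor guidance: it records the current settings, then either disables external tenant communication or restricts it to an allow-list. It assumes the MicrosoftTeams PowerShell module and a Teams administrator account; the domain names and the $DisableExternalAccess switch are constructed placeholders.

```powershell
# Added example: audit and tighten Teams external access (federation) settings.
# Assumes the MicrosoftTeams module is installed and you sign in as a Teams admin.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Constructed placeholders: replace with the partner domains you actually trust.
$TrustedDomains = @('partner-one.example', 'partner-two.example')

# Set to $true if no communication with external tenants is needed (strategy 1).
$DisableExternalAccess = $false

# Record the current state before changing anything, so the change can be reviewed or reverted.
Write-Host 'Current external access configuration:'
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains

if ($DisableExternalAccess) {
    # Strategy 1: turn off chat and file exchange with all external tenants.
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
}
else {
    # Strategy 2: keep external access on, but only for the allow-listed domains.
    # Every domain not on the list is then blocked.
    $allowList = New-Object 'System.Collections.Generic.List[string]'
    foreach ($domain in $TrustedDomains) {
        $allowList.Add($domain)
    }
    Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $allowList
}

# Confirm the tenant now reflects the intended setting.
Write-Host 'Updated external access configuration:'
Get-CsTenantFederationConfiguration |
    Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains
```

The same settings are exposed in the Teams admin center under external access; changes can take some time to apply across the tenant.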
Not sure where to start?
If you find yourself unsure about the appropriate actions to take or need guidance on bolstering your organisation's cyber security practices, don't hesitate to reach out to the experts at CyberUnlocked. Our team of experienced professionals is dedicated to helping organisations navigate the complex realm of cyber security and develop tailored solutions to mitigate risks effectively.
Remember, in the face of evolving cyber threats, proactive measures and continuous vigilance are paramount to safeguarding your business’ digital landscape. Stay informed, stay protected.