March 21, 2023

A researcher at security firm Tenable has found a vulnerability in Microsoft’s Teams application that could allow an attacker to take control of a user’s account. This could grant the attacker access to the victim’s chat history, the ability to read and send emails on the victim’s behalf, and access files in their One drive storage.

The vulnerability actually came through the Power Apps service Microsoft offers to businesses. This allows them to create business-specific use cases on Microsoft’s products, like Teams, Excel and other apps

Attackers could exploit the lack of URL verification in PowerApps to exploit a company’s users, which can be catastrophic The severity of this vulnerability is amplified by the permissions granted to Microsoft Power Apps within Microsoft Teams

The flaw was what is called a “server-side vulnerability“. These are vulnerabilities that exist on the servers that power Microsoft’s apps, software and services. Such vulnerabilities can be fixed by companies without user action, but system administrators may still want to recheck their systems for possible exploits.

Tags:

Leave a Reply

You may have missed

DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
ForgeRock new Passwordless Service

ForgeRock new Passwordless Service

March 20, 2023
New Decryptor for Conti Ransomware Released

New Decryptor for Conti Ransomware Released

March 20, 2023
%d bloggers like this: