Now Microsoft Teams is a target for threat actors

Once Microsoft finally closed the door on the Office macro the threat actors had to move on:

Microsoft Office Macros – The Good, The Bad and the Ugly – CyberAwake

OneNote was their first target:

Now OneNote is an attack vector | Smart Thinking Solutions

QakNote – OneNote malware now has name | Smart Thinking Solutions

Now Teams is in the firing line:

New tool exploits Microsoft Teams bug to send malware to users (bleepingcomputer.com)

I wrote about the flaw that is being exploited by the TeamsPhisher tool (produced by a cyber security researcher, a member of the US Navy Red Team), last month. At that time Microsoft has no plans to accelerate a patch for the issue! May be they will now?

Microsoft Teams – a way in for malicious software | Smart Thinking Solutions

Your takeaway

Make sure everyone knows that there is a risk when accepting files via Teams from people outside your organisation. The decision to accept and open a file should only be made depending on who exactly is sending them the file. Do they really know them?

Meanwhile we wait for Microsoft!

Clive Catton MSc (Cyber Security) – by-line and other articles