1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft Teams is being hacked to crack Office 365 accounts - he

    From TechnologyDaily@1337:1/100 to All on Wed May 17 12:45:03 2023
    Microsoft Teams is being hacked to crack Office 365 accounts - here's how to stay safe

    Date:
    Wed, 17 May 2023 11:31:48 +0000

    Description:
    Hackers look to exploit Microsoft Teams to steal people's Office 365 login credentials.

    FULL STORY ======================================================================

    Researchers have discovered more ways to abuse Microsoft Teams to steal
    Office 365 user credentials by spreading malware , a new report has claimed.

    New Proofpoint findings have claimed hackers can abuse the Tabs feature, used to synchronize between Microsoft Teams and Calendar, and the Teams API, to deliver droppers, or phishing pages, to unsuspecting victims.

    The Tabs feature providers Teams users with quick access to different tools, such as OneDrive. As the default tabs cant be moved around, users can get
    used to different ones and use them without second-guessing their benign nature. However, there is a way to move the default tabs, which
    cybercriminals could use to swap the legitimate ones with malicious ones. In one such example, Proofpoint says, a Website tab could point towards a malicious landing page where victims could end up giving away their Office
    365 credentials. Abusing meetings

    The Website tab can also be changed to point to a file, which would get automatically downloaded on click. Cybercriminals could abuse this functionality to deliver droppers, the researchers said.

    Microsoft Teams meeting invites can also be weaponized - when a member
    creates an online meeting , the platform generates multiple links and sends
    to the invitees. With the help of Teams API calls, a threat actor would be able to swap the legitimate links for malicious ones. Read more

    This brutal hacking tool could steal virtually all of your logins


    Best authenticator apps today: add an extra layer of online security


    These are the best ID theft protection solutions right now

    Crooks can also go for a different approach, using Teams API or user
    interface to weaponize existing links in sent messages. In this scenario, the hyperlink that the victims receive wouldnt change, just the URL behind it, making discovery even more difficult.

    While the researchers are warning that these methods are dangerous, they stressed that in order to be effective, the attackers need to obtain a Teams account beforehand. These are the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-teams-is-being-hacked-to-crack-office -365-accounts-heres-how-to-stay-safe


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)