Authentication Token Vulnerability with Microsoft Teams

Sep 27, 2022

OVERVIEW

In mid-September 2022, security researchers at Vectra released information a post-exploitation vulnerability affecting the Microsoft Teams collaboration platform. The vulnerability allows "… malicious actors with sufficient local or remote file system access to steal valid user credentials from Microsoft Teams due to their plaintext storage on disk." While Microsoft was notified of the vulnerability, it has indicated that it does not intend to remediate the issue.

Due to the prevalent nature of Microsoft Teams, and the potential impact to the broader community, Cyborg Security has developed exclusive hunt packages to detect the most common behaviors exhibited by the exploitation of the vulnerability. This behavioral content is freely available for Community members of Cyborg Security's HUNTER Platform!

Get the Free Hunt Packages!

Check Out Other Emerging Threats >

Threat Hunting//

Threat Hunting Case Study: FileFix

FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

Emerging Threats//

Gentlemen Ransomware

Gentlemen ransomware uses credential abuse, defense evasion, and double extortion tactics to compromise enterprise environments and increase pressure on victims.

Emerging Threats//

TeamPCP Supply Chain Attacks

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.

Sign up for our Executive Intel Update

Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.

Authentication Token Vulnerability with Microsoft Teams

OVERVIEW

Related Articles

Threat Hunting Case Study: FileFix

Gentlemen Ransomware

TeamPCP Supply Chain Attacks

Sign up for our Executive Intel Update

Sign up for our Executive Intel Update