A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default configuration lets external tenants (i.e., M365 users outside the organization) message an organization’s employees. The same configuration doesn’t allow external tenants to send files, but that restriction can be bypassed by switching the internal … More

The post Malware delivery to Microsoft Teams users made easy appeared first on Help Net Security.