 September 16, 2022
LATEST SECURITY NEWS & COMMENTARY
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish
Access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.
Malware on Pirated Content Sites a Major WFH Risk for Enterprises
Malware-laced ads are hauling in tens of millions of dollars in revenue for operators of pirated-content sites — posing a real risk to enterprises from remote employees.
Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government
Authorities are cracking down on persistent cybercriminal attacks from APTs associated with Iran's Islamic Revolutionary Guard Corps.
5 Best Practices for Building Your Data Loss Prevention Strategy
The entire security team should share in the responsibility to secure sensitive data.
Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks
Several models of EZVIZ cameras are open to total remote control by cyberattackers, and image exfiltration and decryption.
HOT TOPICS
Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs
In Microsoft's lightest Patch Tuesday update of the year so far, several security vulnerabilities stand out as must-patch, researchers warn.

To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline
With enough passion, intelligence, and effort, anyone can be a successful cybersecurity professional, regardless of education or background.

Name That Toon: Shiver Me Timbers!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

EDITORS' CHOICE
TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls
Honeypot activity exposed two credentials that the threat actor is using to host and distribute malicious container images, security vendor says.
LATEST FROM THE EDGE

Key Takeaways From the Twitter Whistleblower's Testimony
Twitter did not know what data it had or who had access to it, Peiter "Mudge" Zatko told Congressional lawmakers during a Senate panel hearing.
LATEST FROM DR TECHNOLOGY

Note to Security Vendors — Companies Are Picking Favorites
A stunning three-quarters of companies are looking to consolidate their security products this year, up from 29% in 2020, suggesting fiercer competition between cybersecurity vendors.
WEBINARS
  • Strategies for DDoS Resilience and Response

    There are few things more disruptive than a distributed denial-of-service (DDoS) attack. The criminals behind these attacks have one objective: to bring everything to a stop so you can't conduct business as usual. How can you ensure business continuity during ...

  • Manage Your Unmanaged Cloud Attack Surface

    Have recent events forced your organization to accelerate your digital transformation projects? With IT, DevOps and security teams running at redline, attackers are constantly looking for configuration mistakes or vulnerabilities to exploit. While many security teams have worked to develop ...

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA