Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish


The ability to recover access tokens for additional Teams users enables attackers to progress from a single compromise to the capacity to impersonate crucial personnel, yet Microsoft has no plans to remedy this issue.

Attackers who obtain initial access to a victim’s network now have another way of extending their reach by impersonating those employees and taking advantage of their confidence by leveraging access tokens from other Microsoft Teams users. Read More…