Security News for the Week Ending March 5, 2021

Google Gives Up On Address Space Layout Randomization (ASLR)

ASLR is a security technique that has been used for years to make it harder for hackers to FIND code in memory to compromise it. There is a problem in the rendering engine in the Chromium project that breaks ASLR and Google says that they won’t fix it. Google says they are resigned to the fact that ASLR cannot be saved. They do have a plan, they say, for something better. Stay tuned. Credit: The Register

TALON: The Nationwide Network of Surveillance Cameras

A company called Flock has built a nationwide network of surveillance cameras using automated license plate readers. They sell to (anyone whose check clears) police departments, homeowners associations and businesses. The system can record all license plates and detect “non-resident” vehicles or vehicles on a hotlist. The program, called TALON, allows customers to track vehicles and, by extension, people, anywhere in the country. They scan 500 million license plates a month and sell their data to, among others, 500 police departments. Customers of Flock can make the data available to anyone they choose. Credit: Vice

New ‘unc0ver’ Tool Can Jailbreak All iPhones Running iOS 11-14.3

Like all good software, unc0ver gets updated, and the newly released version 6 can jailbreak iDevices running iOS 11.0 to 14.3. Apple has patched the bug in iOS 14.4, but they admitted that it may have been used by bad actors. This is a cat and mouse game, so expect version 7 of unc0ver. Credit: The Hacker News

Microsoft Tries to Catch up to Zoom with End to End Encryption in Teams

Months after Zoom was roundly criticized for not having adequate encryption and then implementing it, Microsoft says that they will implement end to end encryption, but only on one-to-one calls. Note that it will not be on by default. They will also, separately, add customer key support to allow customers to encrypt chat, meeting recordings and other information that is not currently encrypted. All of this will require customers to take action to make it happen. Credit: Bleeping Computer

I’ll Teams You

Okay, so Teams is not a verb. But neither was Google, as in go Google it.

Hackers have figured out that as people are just learning about collaboration software like Teams and Slack, there is a lot of squishiness around the edges.

Say you are part of a Teams group that includes employees, contractors and vendors. Say you get a message that someone is going to connect with you. You assume that you are inside this bubble and it is all secure.

But it is not.

What if that contractor’s credentials got compromised and it wasn’t even the contractor that sent you the message?

What if you get that Teams meeting message in email (I get most of mine that way)? And what if that link is actually malicious? (Have you looked at a Teams link? It is completely undecipherable, unlike a Zoom or Go To Meeting link.)

Likewise, you might get a Teams request to share a file, but in large groups do you know if that request is legit? Or that the file shared is safe?

Researchers found one financial services firm whose Teams channel had been compromised for a YEAR!

The hackers did recon first. Very quiet. Hard to detect. They collected intel.

Then, when they saw a request for a file, they launched. They sent the file. Only it wasn’t the file, it was malware and everyone who opened it was toast.

For more details on how some of the attack scenarios work, check out the SC Magazine link below. Note that this link is readable by humans; just hover over it.

It is up to companies to train their users in a new attack method. Sorry.

Credit: SCMagazine

Or if you don’t trust links, here is the URL: https://www.scmagazine.com/application-security/ill-teams-you-employees-assume-security-of-links-file-sharing-via-microsoft-comms-platform/