Security News > 2024 > February > 5 Steps to Improve Your Security Posture in Microsoft Teams
The cybersecurity risks of SaaS chat apps, such as Microsoft Teams or Slack, often go underestimated.
In the most recently reported case, AT&T Cybersecurity discovered phishing conducted against its Managed Detection and Response customers over Microsoft Teams in a DarkGate malware attack.
If external communication through Teams is required, enable access only for specific domains that regularly interact with users through Teams, to strike a balance between the organization's communication needs and its security.
In the Microsoft Teams Admin Center, under teams policy, toggle "Invite external users to shared channels" to off.
In the Microsoft Teams External Access configurations, disable "External users with Teams accounts not managed by an organization can contact users in my organization." By limiting who can start conversations, you reduce the likelihood of unauthorized access and communication.
Implementing the recommended remediation measures will contribute to a more secure Microsoft Teams environment, safeguarding your organization and its sensitive data from malicious actors.
News URL
Related news
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Fleet: Open-source platform for IT and security teams (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)