Search results for: Microsoft bug bounty

week in review

Week in review: Account pre-hijacking, Sigstore, ransomware still winning

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RansomHouse: Bug bounty hunters gone rogue? A new cybercrime outfit that calls itself RansomHouse is attempting to carve out a niche of the cyber extortion market for itself by hitting organizations, stealing their data, and offering to delete it and provide a full report on how and what vulnerabilities were exploited in the process – all for a fee, of … More

week in review

Week in review: F5 BIG-IP flaw, critical bugs in Aruba and Avaya network switches, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews: May 2022 Patch Tuesday forecast: Look beyond just application and OS updates April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Critical F5 … More

bug bounties

Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers

Bug hunters that discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible submission, Microsoft has announced. The highest awards will go to those who discover vulnerabilities that have the highest potential impact to customer security. This includes vulnerabilities that allow for scenarios like: Insecure deserialization of user-controllable data, leading to remote code execution on server Arbitrary file write of user-controlled data on … More

Microsoft Teams

Microsoft adds Safe Links phishing protection to Microsoft Teams

Microsoft has extended the phishing protection offered by Microsoft Defender for Office 365’s Safe Links feature to Microsoft Teams. “At its core, Safe Links provides time-of-click verification of URLs. This process entails scanning URLs for potentially malicious content and again evaluating them when they are clicked on by a user,” Girish Chander, Microsoft’s Group Program Manager of Office 365 Security, explained. Protecting users Since the start of the COVID-19 pandemic, the number of users of … More

Microsoft Teams

Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k

Microsoft’s Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific vulnerabilities. Microsoft Teams: A popular business solution Microsoft Teams is an enterprise communication and collaboration platform that provides workspace one-on-one and group chat, videoconferencing, VoIP, file sharing and storage, and meetings. Its popularity and use soared in the wake of the COVID-19 pandemic and, as of April 2021, it has … More

exploits for sale

22% of exploits for sale in underground forums are more than three years old

Trend Micro released research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years old. Older exploits for sale more popular with criminals The research found that 22% of exploits for sale in underground forums are more than three years old. “Criminals know that organizations are struggling to prioritize and patch promptly, and our research shows that patch delays are frequently taken … More

AttackForge Core: A pentest management solution for consultancies and medium-sized enterprises

AttackForge has announced AttackForge Core – the latest addition to the AttackForge family of products. “With the launch of AttackForge Core, we now have a pentest management solution for every cybersecurity team – from freelancers & bug bounty hunters to consultancies & MSSPs and multi-national enterprises,” said Stas Filshtinskiy, Co-Founder of AttackForge. AttackForge Core is aimed at bringing the sophisticated workflows and features of its older sibling – AttackForge Enterprise – into an affordable software-as-a-service … More

week in review

Week in review: Phishers’ perfect targets, evaluating partner cyber resilience, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Microsoft offers rewards for security bugs in Microsoft Teams Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. Tackling cross-site request forgery (CSRF) on company websites Everyone with half a mind for security will tell you not to click on links in emails, … More

Bug

Microsoft offers rewards for security bugs in Microsoft Teams

Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business communication platform. About Microsoft Teams Microsoft Teams offers workspace chat, VoIP and videoconferencing, file sharing through chats, and meetings. Like other videoconferencing and communication solutions, Microsoft Teams received a considerable boost with the advent of the Covid-19 outbreak, fueled by companies’ need to keep in touch with their employees … More

Kali Linux

How Kali Linux creators plan to handle the future of penetration testing

Offensive Security might be best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it. “Over 60% of Fortune 100 companies employ Offensive Security-trained professionals – that is definitely something for us to be proud of,” says its CEO, Ning Wang. The company’s main goal, according to her, is to train millions of professionals to embrace the … More

Office 365

Finding 365 bugs in Microsoft Office 365

Microsoft 365 is used by over a billion users worldwide, so attackers are naturally deeply invested in compromising its security. One of the ways of making sure this suite of products is as secure as possible is a bug bounty program. During an upcoming presentation at HITB CyberWeek 2020, Ashar Javed, a security engineer at Hyundai AutoEver Europe, will share stories from his journey towards discovering 365 valid bugs in Microsoft Office 365. We took … More

password

Week in review: Password psychology, SaltStack Salt vulnerabilities exploited, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and podcasts: SaltStack Salt vulnerabilities actively exploited by attackers, patch ASAP! Two vulnerabilities in SaltStack Salt, an open-source remote task and configuration management framework, are being actively exploited by attackers, CISA warns. May 2020 Patch Tuesday forecast: Time for a break? Threat actor activity around COVID-19 exploitation increased dramatically in April. The US Department of Homeland Security and the UK National Cyber Security … More