Network Security, Vulnerability Management

Microsoft doubles bug bounty payoff max, expands program

Microsoft said Wednesday it would further expand its Bounty for Defense program, upping the payout maximum from $50,000 to $100,000 and launching a bonus period for its Online Services Bug Bounty during which bounties will be doubled, meaning researchers can receive as much as $30,000 for discovering authentication vulnerabilities, according to a release.

The bonus period will span from Aug. 5 to Oct. 5, 2015 and include bugs found in Microsoft Account (MSA) and Azure Active Directory (AAD). Microsoft will also add a RemoteApp to the list of domains covered under the bounty program.

Microsoft expanded the program to better reward researchers while improving systemwide defenses with the latest expansion coming in response to feedback from the security research community, the release said.

Related

Key cybersecurity concerns among CISOs examined

Mounting zero-day vulnerabilities, more sophisticated living-off-the-land attack techniques, and escalating extortion levels were noted by Mandiant executives to be among the most pressing cybersecurity concerns faced by chief information security officers, CyberScoop reports.

US, Australia apprehend Firebird RAT developer

The FBI and Australian Federal Police have partnered to arrest and indict an unnamed Australian who developed Firebird/Hive remote access trojan and California-based Edmond Chakhmakchyan, also known as Corruption, who allegedly marketed the RAT, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.