Microsoft announced that researchers may claim up to $30,000 in rewards by examining its Teams desktop application for security vulnerabilities, in a bid to show its dedication to securing user data, according to Threatpost. The new Apps Bounty Program will offer the maximum reward for discovery of “vulnerabilities that have the highest potential impact on customer privacy and security,” and lower rewards according to a five-tier system. The company will also offer between $500 and $15,000 for general bounties, while exceptional bug hunters may become eligible for entry into the yearly MSRC Most Valuable Security Researcher list or inclusion into Microsoft’s Researcher Recognition Program, said program manager Lynn Miyashita. Participants are to submit their uncovered online vulnerabilities through the Online Services Program. Microsoft’s Teams has recently been the target of phishing scams and a malware campaign using fake Teams updates, prompting the company to launch the program to garner brand support. A recent survey found that tech vendors who show a proactive approach to security, including hosting bug-bounty programs, are the preferred option for 75% of IT professionals.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Organizations could have their sensitive information compromised through a high-severity vulnerability in Google Cloud, Azure, and Amazon Web Services command line interface tools dubbed "LeakyCLI", The Hacker News reports.
Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.