Bug Bounty

Microsoft Starts New & Unique Identity Bug Bounty Program

Today the microsoft corporation started a new bug bounty program for the microsoft online identity server technology. To further increase the safety of its customers, the tech giant has launched a completely new and independent bug bounty program in the second qarter of 2018. The newly launched bug bounty program, known as the microsoft identity bug bounty program, includes identity solutions for microsoft accounts and azure active directory as well as some implementations of the OpenID specifications. New payouts for the new microsoft Identity bug bounty program range from $500 to $100,000, depending on the impact and analysis even of security researchers and debuggers.

AT&T BizCircle - Frontend & Backend Vulnerabilities

Last month, researchers in our laboratory conducted in-depth safety tests on the AT&T BizCircle Platform. This has identified a number of security holes that AT&T has now eliminated. The core researchers in the laboratory go into more detail in the article.

This time the reported security vulnerabilities of the core team were limited to the frontend and backend management of the BizCircle application. Validation weaknesses and output errors in the user profile of the application were exploited. These allowed an attacker to inject malicious script code with persistent attack vectors. The affected entries were e.g. display name, first name & load name.