Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Microsoft Adds On-premises Exchange, SharePoint to Bug Bounty Program

Microsoft Adds On-premises Exchange, SharePoint to Bug Bounty Program

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today.

With the expansion of this bug bounty program, security researchers who find and report vulnerabilities affecting on-premises servers are eligible for awards ranging from $500 up to $26,000.

“The Microsoft Applications and On-Premises Servers Bounty Program invites researchers across the globe to identify vulnerabilities in specific Microsoft applications and on-premise servers and share them with our team,” the company says.

“Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission.”

Also Read: Data Protection Act of Singapore: Validity in the Post-pandemic World

The Microsoft Security Response Center (MSRC) team also said that security researchers could be awarded higher rewards based on severity multipliers stemming from reported vulnerabilities’ impact.

“The bounty also includes high-impact scenarios offering the highest awards to research in areas with the highest potential impact on customer security,” the MSRC team added.

“The goal of the bounty program is to uncover significant technical vulnerabilities that have a direct and demonstrable impact on the security of our customers using the latest version of the application,” Microsoft further explained.

Also Read: National Cybersecurity Awareness Campaign of Singapore: Better Cyber Safe than Sorry

Security Impact Severity Multiplier 
EXCHANGE ONLY: Server-Side Request Forgery allows an attacker to make server-side HTTP requests to arbitrary URLs. 20% 
SHAREPOINT ONLY: Authenticated Server-Side Request Forgery allows an attacker to make authenticated server-side HTTP requests to arbitrary URL 20% 
Insecure deserialization of user-controllable data, leading to remote code execution on server 30% 
Arbitrary file write of user-controlled data on user-controlled location on the server.   20% 
Authentication bypass allows for unauthenticated exploitation which results in mass exploitation of vulnerabilities 20% 
Vulnerabilities within Exchange Emergency Mitigation Service (EEMS) 15% 

More information about award amounts, in-scope apps and on-premise servers is available on the Applications and On-Premises Servers Bounty Program page.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us