Microsoft launches Defender Bounty Program with $20,000 rewards

Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based on vulnerability severity, impact, and submission quality. The highest reward is available for high-quality reports of critical severity remote code execution vulnerabilities. Currently, the Microsoft Defender Bounty Program is limited in scope and will focus solely on Microsoft Defender for Endpoint APIs. It is expected to expand to include other Defender products in the future. "The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team," said MSRC Senior Program Manager Madeline Eckert. "Microsoft's Bug Bounty programs represent one of the many ways we invest in partnerships with the global security research community to help secure Microsoft customers." Per Microsoft's guidelines, the bounty will be awarded to the initial submission if multiple security researchers file multiple bug reports regarding the same issue. If a submission qualifies for multiple bounty programs, the researchers will receive the highest single payout reward from a single bounty program. Further details regarding the Microsoft Bounty Program are available on this FAQ page. Today, Microsoft also revealed that it paid $58.9 million in rewards to 1,147 security researchers worldwide who reported 446 eligible vulnerabilities across 22 bug bounty programs. One month earlier, the company announced a new AI bounty program focused on the AI-driven Bing experience, with rewards of up to $15,000. Last year, Redmond added on-premises Exchange, SharePoint, and Skype for Business to its bug bounty program and increased the maximum awards for high-impact security flaws reported through its Microsoft 365 program. HackerOne paid ethical hackers over $300 million in bug bounties. New Microsoft bug bounty program focuses on AI-powered Bing. Bounty offered for secret NSA seeds behind NIST elliptic curves algo.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Microsoft launches Defender Bounty Program with $20,000 rewards

Microsoft launches Defender Bounty Program with $20,000 rewards - Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000. While higher awards are possible, Microsoft retains sole discretion to determine the final reward amount based ...
10 months ago Bleepingcomputer.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
6 months ago Techcommunity.microsoft.com
Netflix Paid Out Over $1 Million via Bug Bounty Program - Netflix has paid out more than $1 million for vulnerabilities found in its systems and products since the launch of its bug bounty program in 2016. The streaming giant said on Tuesday that more than 5,600 researchers have contributed to its program ...
4 months ago Packetstormsecurity.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
6 months ago Bleepingcomputer.com
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics - Windows Defender places malicious files into quarantine upon detection. Fox-IT's open-source digital forensics and incident response framework Dissect can now recover this metadata, in addition to recovering quarantined files from the Windows ...
9 months ago Blog.fox-it.com
Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence - In just a few short months since our launch in November of last year, the Wordfence Bug Bounty Program has already awarded over $153,000 in bounties to WordPress security researchers who have been responsibly reporting security issues in WordPress ...
6 months ago Wordfence.com
Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program - Our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scope. Together with our researchers and software vendors, we've protected millions of websites from vulnerabilities - and this is just the beginning. We're ...
4 months ago Wordfence.com
Poking holes in Google products bagged bug hunters $10M The Register - Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means ...
6 months ago Go.theregister.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
10 months ago Microsoft.com
Microsoft Defender adds detection of unsecure Wi-Fi networks - If you're not a Microsoft Defender user with a Microsoft 365 Family or Personal subscription, you can also protect yourself by enabling multi-factor authentication on as many of your accounts as possible and turning off automatic Wi-Fi connections to ...
1 week ago Bleepingcomputer.com
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team - AI is quickly becoming a force multiplier-presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. Microsoft Copilot for Security is already showing immediate impact for security teams ...
7 months ago Microsoft.com
​​Microsoft is a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - It's no secret that ransomware is top of mind for many chief information security officers as the number of attacks has increased exponentially. Scaling device protection and security operations center efficiency by simplifying, automating, and ...
8 months ago Microsoft.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
6 months ago Securityweek.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
6 months ago Packetstormsecurity.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
10 months ago Bleepingcomputer.com
Netography Fusion Expands Microsoft Integrations for Greater Context Enrichment and Faster Compromise Detection - We've got great news for companies that have deployed Microsoft security products in their tech stack - the Netography Fusion® Network Defense Platform now ingests context from Microsoft Defender for Endpoint product and the Microsoft Defender XDR ...
9 months ago Securityboulevard.com
HackerOne paid ethical hackers over $300 million in bug bounties - HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and ...
10 months ago Bleepingcomputer.com
Microsoft Defender Isolates Compromised Linux Endpoints - Microsoft announced today that it has added device isolation support to Microsoft Defender for Endpoint on Linux devices. Enterprise admins can manually isolate Linux machines enrolled in a public preview using the Microsoft 365 Defender portal or ...
1 year ago Bleepingcomputer.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
10 months ago Microsoft.com
Google Play Apps Promote Unattainable Rewards, Amass 20 Million Downloads - A new category of activity tracking applications has been having massive success recently on Google Play, Androids official app store, having been downloaded on over 20 million devices. The applications promote themselves as health, pedometer, and ...
1 year ago Bleepingcomputer.com
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin - On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. The next day on February 26th, ...
5 months ago Wordfence.com
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
9 months ago Microsoft.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
8 months ago Cybersecuritynews.com
Chrome 120 Update Patches High-Severity Vulnerabilities - Google on Tuesday announced the release of a Chrome 120 security update that addresses nine vulnerabilities, six of which were reported by external researchers. Of the externally reported flaws, five have a severity rating of 'high', four of which ...
9 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)