Security News > 2021 > July > Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k
Microsoft's Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific vulnerabilities.
Microsoft Teams is an enterprise communication and collaboration platform that provides workspace one-on-one and group chat, videoconferencing, VoIP, file sharing and storage, and meetings.
Microsoft started its Applications Bounty Program in March 2021, with Microsoft Teams Windows, macOS, and Linux desktop clients as the initial targets for bug hunters.
Microsoft is now looking for reports about vulnerabilities of Critical or Important severity reproducible on a fully patched operating system and the latest version of the corresponding Microsoft Teams mobile application.
Microsoft offers a maximum award of $30,000 for vulnerabilities that allow remote code execution with no user interaction, and $15,000 for those that may allow attackers to obtain authentication credentials for other users - but not through phishing.
"Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program," Lynn Miyashita, Program Manager at Microsoft Security Response Center, added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/6jignvKFLwk/
Related news
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)