
A Kerala-based application security engineer has won a bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users’ accounts — from Office 365 to Outlook emails — open to hacking.

Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.


“Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them,” said Safetydetective on Tuesday.

The vulnerabilities were reported to Microsoft in June and fixed by the end of November.

“While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store,” said Sahad.



Sahad discovered that a Microsoft subdomain, “success.office.com”, had not been properly configured. He also found bugs in Microsoft Office, Store and Sway products.

A string of bugs when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link.

“Anyone’s Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user,” said TechCrunch.


Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.

Several tech companies offer bug bounty incentives. Sahad also received a bug bounty from Facebook last year for discovering a bug in the social networking platform. (IANS)


Popular


By IANSlife

Today, we are exposed to a gazillion beauty product launches every now and then. The cosmetic industry is ever-changing and always gives us something new to wish for. But how much thought do we actually put in before buying the skincare product for ourselves? You should always pay attention to the products and their ingredients. Choosing products from a company with a reputable line of products can be helpful, since each component may be designed to work in conjunction with the others. You can also be assured of the products' quality and may better be able to predict how your skin will react to trying a different product in the same line.

Skin is one of the largest organs of the body. Because of this, caring for your skin can directly affect your overall health. Your skin acts as a protective shield and is most vulnerable to outside elements. It's affected by more factors than you may think. In addition to this, your health also affects your choice of skincare products and vice-versa.

Nandeeta Manchandaa, Founder of ENN shares the whys and hows:

Let's talk Vitamins: Your body needs all essential vitamins for proper functioning, and if any vitamin is missing, the effects show on your skin too. For example, dark spots and pigmentation are often seen in people with melanin issues, or even in pregnant ladies. So Vitamin-C rich products are the go-to to combat this issue.


Hackers have stolen crypto tokens worth $120 million from Blockchain-based decentralised finance (DeFi) platform BadgerDAO. Several crypto wallets were drained before the platform could stop the cyber attack. In a tweet, Badger said it has received reports of unauthorised withdrawals of user funds. "As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible," the company said late on Thursday.

According to blockchain security and data analytics firm PeckShield, the various tokens stolen in the attack are worth about $120 million, reports The Verge. According to reports, someone inserted a malicious script in the user interface (UI) of the platform's website. Badger has retained data forensics experts Chainalysis to explore the full scale of the incident, and authorities in both the US and Canada have been informed. "Badger is cooperating fully with external investigations as well as proceeding with its own," it said. DeFi is a collective term for financial products and services that are open, decentralised and accessible to anyone. DeFi products open up financial services to anyone with an internet connection and they are largely owned and maintained by their users. While the attack didn't reveal specific flaws within Blockchain tech itself, it managed to exploit the older "web 2.0" technology that most users need to use to perform transactions, according to reports. (IANS/ MBI)



A total of 120 top Bollywood and other celebrities are expected to attend the wedding of film stars Katrina Kaif and Vicky Kaushal which is scheduled on December 9 in Rajasthan, said Rajendra Kishan, the District Collector (DC) of Sawai Madhopur district of the state on Friday. The District Collector told mediapersons: "These 120 guests shall follow all COVID-19 protocols and fully vaccinated guests will get entry in the much-hyped celebrity wedding."

Kishan said that the organisers have been asked to strictly follow all Covid-19 protocols. Also, those who are not vaccinated will not be allowed without a negative RT-PCR test report, he added. "We have been informed by organisers that a total of 120 guests are invited to the wedding and the events will take place between December 7 to December 10," he added.

Earlier at 10.30 a.m., Kishan called a meeting which was attended by administrative, police and forest department officials, hotel and event managers to ensure adequate arrangements for crowd control, smooth regulation of traffic, and law and order situation amid the VIP movement. The wedding venue Fort Barwara, that has been converted into a heritage hotel, is situated in the panchayat samiti Chauth Ka Barwara. The venue is around 22 km away from Sawai Madhopur and is around 174 km from Jaipur. Sawai Madhopur district is famous for the Ranthambore National Tiger Reserve and as per reports, the guests are likely to be taken for a tiger safari. (IANS/ MBI)

