fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Pays Over $370,000 For Azure Sphere Bug Reports

Microsoft Pays Over $370,000 For Azure Sphere Bug Reports

Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge (ASSRC) IoT-focused research program.

Azure Sphere Security Research Challenge is a 3-month expansion to the Azure Security Lab bounty program Microsoft announced last year at Black Hat 2019.

The ASSRC expansion added to the already existent incentives, coordination framework, and support resources to make Coordinated Vulnerability Disclosure (CVD) easier for researchers and to stimulate further Azure Sphere research.

70 researchers from more than 20 countries submitted 40 vulnerability reports during the challenge that took place from June 1, 2020, through August 31, 2020, with 30 of these reports leading to improvements of the Azure Sphere IoT security solution.

Out of the 40 submissions, 16 were bounty-eligible amounting to $374,300 in awarded bounties. 10 of those that were not eligible “identified known areas where a potential risk is specifically mitigated in another part of the system—something often referred to in the field as ‘by design’.”

Azure Sphere Security Research Challenge breakdown
Image: Microsoft

Also Read: What Legislation Exists In Singapore Regarding Data Protection and Security?

Microsoft awarded the bounties to researchers who were able to demonstrate their ability to execute code on the Azure Sphere application platform’s Secure World or the Microsoft Pluton security subsystem.

“Many of the vulnerabilities found during the research challenge were novel and high impact, and led to major security improvements for Azure Sphere in their 20.07, 20.08, and the latest 20.09 updates, which have been automatically pushed to Azure Sphere devices that are connected to the internet to help secure Azure Sphere customers,” Microsoft said.

“Security researchers from McAfee ATR and Cisco Talos reported some of the highest impact vulnerabilities in Azure Sphere, especially a full attack chain developed by McAfee ATR that exposed a weakness in the cloud and multiple weaknesses on the device including a previously unknown Linux kernel vulnerability.”

The researchers participating in the challenge achieved three of the general scenarios focused on several levels of the Azure Sphere OS:

  • Anything allowing execution of unsigned code that isn’t pure return oriented programming (ROP) under Linux
  • Anything allowing elevation of privilege outside of the capabilities described in the application manifest(e.g. changing user ID, adding access to a binary)
  • Ability to modify software and configuration options (except full device reset) on a device in the manufacturing state

Researchers can still submit any Azure Sphere high impact vulnerabilities as part of the Microsoft Azure Bounty Program, with qualified submissions bein eligible for awards up to $40,000.

Microsoft also announced in August that it has awarded $13.7 million to researchers who reported vulnerabilities over the last 12 months through 15 bug bounty programs, between July 1st, 2019, and June 30th, 2020.

In 2020 alone, the company launched six new bug bounty programs and two new research grants, receiving 1,226 eligible vulnerability reports from 327 security researchers.

Microsoft also joined the Open Source Security Foundation (OpenSSF) as a founding member in August, together with GitHub, Google, IBM, JPMC, NCC Group, OWASP Foundation, and Red Hat.

Also Read: By Attending This Event You Agree To Be Photographed

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us