时间:2024-09-22 06:49:05 来源:网络整理 编辑:新闻中心
A major security exploit that let researchers change Bing search results was revealed this week. The
A major security exploit that let researchers change Bing search results was revealed this week.
The vulnerability was discovered in January by cybersecurity research company Wiz and reported to the Microsoft Security Response Center (MSRC).
In a Twitter thread, Wiz researcher Hillai Ben-Sasson explained how he was able to hack into Bing's content management system (CMS). By logging into Microsoft's cloud computing platform Azure, he discovered that he could grant all users access to internal Microsoft apps. He then accessed a database of Bing's search results. From there, Ben-Sasson figured out that he could actually modify what showed up in the results.
Wiz researchers also discovered that Bing was vulnerable to a Cross-Site Scripting (XSS) attack and discovered they had access to sensitive Office 365 data including Outlook emails, Calendar information, and Teams messages. MSRC detailed security updates and shared recommendations for Azure AD admins and developers in its blog post.
The purpose of the researchers' experiment was to show that it was possible and share its findings with Microsoft. But it shows how malicious hackers could have wreaked havoc for Bing.
"A malicious actor with the same access could’ve hijacked the most popular search results with the same payload and leak sensitive data from millions of users," said the Wiz blog post. Luckily it was caught before any major damage was done.
Tweet may have been deleted
Microsoft confirmed that it has been fixed as of March 29. Wiz received a $40,000 "bug bounty" for reporting the vulnerability, which it it plans to donate to an unspecified recipient.
Alcaraz vs. Van de Zandschulp 2024 livestream: Watch US Open for free2024-09-22 06:48
Amazon First Reads deal: Prime members get two free Kindle books2024-09-22 06:17
Spy agency warns of NK2024-09-22 05:42
Best Cyber Monday AirPods deals: AirPods Pro at record2024-09-22 05:30
Game Plan2024-09-22 05:27
13 Places to Find Little Legends and Compact Cryptids2024-09-22 05:20
Robot vacuum deal: Get the iRobot Roomba 694 for 42% off2024-09-22 05:06
Google launches Pixel 8 and 8 Pro in new Mint color2024-09-22 04:55
Coach jailed for sexual exploitation of underage athlete2024-09-22 04:53
23 Peculiar Places of 20232024-09-22 04:05
Smiley face on Mars is a telltale sign of its past2024-09-22 06:27
President least trusted profession among students: survey2024-09-22 06:09
Best Dyson deal: Get $120 off the Dyson Airwrap as a My Best Buy member2024-09-22 06:05
N. Korea's trade with China shrinks 5% on2024-09-22 06:02
[Exclusive] Samsung unsure of Suga's future as brand ambassador: source2024-09-22 05:43
How 'Snakes on a Plane' shaped Medusa in 'Percy Jackson and the Olympians'2024-09-22 05:42
15 Places for Soup2024-09-22 05:24
Bail granted to ex2024-09-22 04:52
16 of the Most Epic Sandwiches Around the Planet2024-09-22 04:48
Woodland to return at Waialae after brain surgery2024-09-22 04:09