A bug left your Microsoft account wide open to complete takeover

TwitterFacebook

Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.

While working as a security researcher with cybersecurity site SafetyDetective, Nk discovered that he was able to take over the Microsoft subdomain, http://success.office.com, because it wasn’t properly configured. This allowed the bug hunter to set up an Azure web app that pointed to the domain’s CNAME record, which maps domain aliases and subdomains to the main domain. By doing this, Nk not only takes control of the subdomain, but also receives any and all data sent to it. Read more...

More about Microsoft, Hacking, Office, Bugs, and Vulnerability


COntributer : Mashable https://ift.tt/2SDKKsr

A bug left your Microsoft account wide open to complete takeover A bug left your Microsoft account wide open to complete takeover Reviewed by mimisabreena on Wednesday, December 12, 2018 Rating: 5

No comments:

Sponsor

Powered by Blogger.