Microsoft introduced right now at its Ignite annual convention in Chicago, Illinois, that it is increasing its bug bounty packages with Zero Day Quest, a brand new hacking occasion specializing in cloud and AI merchandise and platforms.
The Zero Day Quest begins right now with a analysis problem the place submissions of vulnerabilities for particular situations can earn multiplied bounty awards and will qualify for the 2025 onsite hacking occasion (invite solely) in Redmond, Washington. This problem is open to everybody and can run from November 19, 2024, by means of January 19, 2025.
To additional advance AI safety, beginning right now, Microsoft says it would additionally provide double bounty awards for AI vulnerabilities reported by safety researchers whereas additionally offering them with direct entry to the Microsoft AI engineers and the corporate’s AI Crimson Crew.
“This new hacking event will be the largest of its kind, with an additional $4 million in potential awards for research into high-impact areas, specifically cloud and AI,” stated Tom Gallagher, VP of Engineering on the Microsoft Safety Response Heart (MSRC).
“Zero Day Quest will provide new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers– bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe.”
That is a part of Microsoft’s Safe Future Initiative (SFI), a cybersecurity engineering effort launched in November 2023 to spice up cybersecurity safety throughout its merchandise simply in time to get forward of a scathing report issued by the Cyber Security Overview Board of the U.S. Division of Homeland Safety saying that the corporate’s “security culture was inadequate and requires an overhaul.”
As BleepingComputer reported, Microsoft discovered itself on the receiving finish of Chinese language hackers’ assaults in Might, when the attackers stole over 60,000 emails from U.S. State Division accounts after breaching the corporate’s cloud-based Change electronic mail platform.
Safety flaws affecting a number of different Microsoft merchandise and platforms have additionally been utilized in widespread assaults. As an example, lately, many risk actors (together with ransomware gangs) have abused ProxyShell, ProxyNotShell, and ProxyLogon vulnerabilities to focus on tens of hundreds of Change servers uncovered on-line.
“As part of our Secure Future Initiative (SFI), we will transparently share critical vulnerabilities through the Common Vulnerabilities and Exposures (CVE) program, even if they require no customer action,” Gallagher added.
“Learnings from the Zero Day Quest will be shared across Microsoft to help improve cloud and AI security – by default, by design, and in operations.”
At present, Microsoft additionally shared extra info on the brand new administrator safety safety characteristic, accessible in preview on Home windows 11 units and designed to dam entry to essential system sources utilizing additional Home windows Hiya authentication prompts.
“Since launching SFI, we’ve focused the equivalent of 34,000 full-time engineers on the highest-priority security challenges,” added David Weston, the corporate’s Vice President for Enterprise and OS Safety, right now.
