A spoofed version of the popular RedAlert app collects sensitive user data on Israeli citizens, including contacts, call logs, SMS account details, and more.

Attackers are spoofing a widely used open source application that warns Israelis of incoming airstrikes, called RedAlert, to lure users into downloading a malicious version of the software that, instead of telling those under attack where to seek safety, collects their sensitive data.

Applications warning Israelis of incoming airstrikes have become a trending attack vector for pro-Palestinian threat groups, according to a new report from Cloudflare. The latest round of cyberattacks uses a modified version of the open source RedAlert to lure users into downloading the spoofed version, which then provides cybercriminals with access to contacts, call logs, SMS details, a list of accounts associated with the device, as well as insights into other apps installed on a victim's device, Cloudflare added.

"Only users who installed the Android version of the app from this specific website are impacted and urgently advised to delete the app," Cloudflare said. "Users can determine if they installed the malicious version by reviewing the permissions granted to the RedAlert app."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Malicious 'Airstrike Alert' App Targets Israelis

By Deeba Ahmed
Zero-Day Scare: Signal Messaging App Emerges Unscathed After Thorough Probe.
This is a post from HackRead.com Read the original post: Signal Zero-Day Vulnerability Rumors Refuted by Company

On Saturday, rumours began circulating regarding a potential Signal zero-day vulnerability that could impact the security and privacy of the messaging app’s users.

****_KEY FINDINGS_****

*   **On Saturday, a rumour originated that the Signal messaging app has a zero-day vulnerability.**

*   **After extensive investigation, Signa has confirmed that it didn’t find any evidence that a zero-day exists.**

*   **Rumours originated from an unverified source, shocking everyone and making users feel wary of using the app.**

*   **Signal has reiterated its commitment to ensuring user privacy and data security in its X post.**

Zero-day vulnerabilities refer to disclosed but unpatched bugs in a system or device. These bugs are worrisome because malicious actors can exploit them before the software developers release a patch and can cause damages amounting to millions of dollars.

The popular encrypted messaging app, Signal, was recently in the news after an unverified source claimed the app contained a zero-day vulnerability. The company quickly launched an investigation and found no evidence to support this claim.

In a post on X (formerly Twitter), Signal categorically denied that a zero-day bug exists in the system while reiterating its commitment to upholding user privacy and data security. The company stated that it has a robust mechanism to detect and address potential bugs/vulnerabilities.

“PSA (public service announcement): we have seen the vague viral reports alleging a Signal 0-day vulnerability. After a responsible investigation, we have no evidence that suggests this vulnerability is real – nor has any additional info been shared via our official reporting channels,” Signal’s post read.

The company also wrote that it contacted government officials as USG was quoted as a source in the ‘copy-paste report,’ revealing that the officials denied making any such claim.

“We also checked with people across the US government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.”

> We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
> 
> We take reports to \[email protected\] very seriously, and invite those with real info to share it there. 2/
> 
> — Signal (@signalapp) October 16, 2023

The rumours regarding zero-day in the Signal app originated from a single, unverified source on Saturday afternoon and spread like wildfire. 

Reportedly, the bug was associated with the General Links Previews feature, leading to a complete device takeover. Allegedly, the bug could be mitigated by disabling this feature in the app.

Now that Signal has confirmed no zero-day exists in the app, users can breathe a sigh of relief and continue using this app confidently. Signal also aims to upgrade its cryptographic specifications to prevent the threat of cyberattacks facilitated by quantum computers.

Zero-day vulnerabilities still remain a cause of concern within the cybersecurity community, as many bugs are discovered every year. Google’s Project Zero reported 50 zero days in the first nine months of this year, which is much higher than zero days discovered in 2022.

****_related articles_****

1.  Signal CEO hacks Cellebrite cellphone hacking, cracking tool
2.  How to use Signal Messenger face blur tool on Android & iOS
3.  Court docs show FBI can unlock iPhones, access Signal messages
4.  Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
5.  Facebook blocks Signal from using ads to show Instagram data collection

Signal Zero-Day Vulnerability Rumors Refuted by Company

NLB mKlik Makedonija version 3.3.12 suffers from a remote SQL injection vulnerability.

    NLB mKlik Makedonija 3.3.12 SQL InjectionVendor: NLB Banka AD SkopjeProduct web page: https://www.nlb.mkGoogle Play: https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.productionAffected version: 3.3.12Summary: NLB mKlik е мобилна апликација наменета за физички лица,корисници на услугите на НЛБ Банка, која овозможува преглед наразличните продукти кои корисниците ги имаат во Банката како иизвршување на различни видови на трансакции на едноставен и предсе безбеден начин во било кој период од денот. NLB mKlik апликацијатаможе да се користи со Android верзија 5.0 или понова.Desc: The mobile application or the affected API suffers from an SQLInjection vulnerability. Input passed to the parameters that areassociated to international transfer is not properly sanitised beforebeing returned to the user or used in SQL queries. This can be exploitedto manipulate SQL queries by injecting arbitrary SQL code and disclosesensitive information.Tested on: Android 13Vulnerability discovered by Neurogenesia                            @zeroscienceAdvisory ID: ZSL-2023-5797Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php23.12.2022--Incident ID: ZSL-122022-NLBTHR------------------------------DB data disclosure PoC (international transfer details/description trigger):++[select alfa1+' девизен прилив' opis from pts (nolock) where unikum =dbo.dodajnuli(:unikum ,14) and kod = 15111]-

NLB mKlik Makedonija 3.3.12 SQL Injection

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features.
Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure.
Besides requesting invasive permissions to access call logs, camera, SMS messages, and external

Malware / Mobile Security

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features.

Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure.

Besides requesting invasive permissions to access call logs, camera, SMS messages, and external storage, SpyNote is known for hiding its presence from the Android home screen and the Recents screen in a bid to make it difficult to avoid detection.

"The SpyNote malware app can be launched via an external trigger," F-Secure researcher Amit Tambe said in an analysis published last week. "Upon receiving the intent, the malware app launches the main activity."

But most importantly, it seeks accessibility permissions, subsequently leveraging it to grant itself additional permissions to record audio and phone calls, log keystrokes, as well as capture screenshots of the phone via the MediaProjection API.

A closer examination of the malware has revealed the presence of what are called diehard services that aim to resist attempts, either made by the victims or by the operating system, at terminating it.

This is accomplished by registering a broadcast receiver that's designed to restart it automatically whenever it is about to be shut down. What's more, users who attempt to uninstall the malicious app by navigating to Settings are prevented from doing so by closing the menu screen via its abuse of the accessibility APIs.

"The SpyNote sample is spyware that logs and steals a variety of information, including key strokes, call logs, information on installed applications, and so on," Tambe said. "It stays hidden on the victim's device making it challenging to notice. It also makes uninstallation extremely tricky."

"The victim is eventually left only with the option of performing a factory reset, losing all data, thereby, in the process."

The disclosure comes as the Finnish cybersecurity firm detailed a bogus Android app that masquerades as an operating system update to entice targets into granting it accessibility services permissions and exfiltrate SMS and bank data.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

By Waqas
If you've downloaded a rocket alert app from a third-party source, ensure it's spyware-free and delete it from your device.
This is a post from HackRead.com Read the original post: Hackers Target Israeli Rocket Alert App Users with Spyware

While the identity of the culprits behind this spyware campaign remains uncertain, their tactics closely resemble those used by pro-Palestinian hackers, such as AnonGhost.

On October 9th, 2023, **Hackread.com reported** on the infiltration by pro-Palestinian hackers associated with AnonGhost into the Red Alert app, an Israeli application designed by Kobi Snir exclusively for delivering missile and rocket alerts to the Israeli population. Seizing this opportunity, AnonGhost maliciously disseminated fabricated rocket, missile, and even nuclear bomb alerts to Israelis.

Now, Cloudflare’s Cloudforce One Threat Operations Team has uncovered a similar incident, this time targeting a different rocket alert app. The researchers identified a malicious website (redalertsme) hosting a Google Android Application (APK) impersonating the legitimate RedAlert – Rocket Alerts application originally created by Elad Nava. The motive behind this malicious website was to infect unsuspecting Israeli app users with spyware.

Rocket alert apps have gained immense popularity in Israel, providing crucial alerts to citizens about incoming air strikes, which have sadly become an all too common occurrence. The misuse of these applications, as witnessed in the recent hack, has the potential to create widespread panic and further escalate an already tense situation.

According to a **blog post** by Cloudflare, the malicious domain in question offered both iOS and Android versions of the mobile application. However, while the link for the iOS version directed users to the legitimate App Store page, the Android version was a manipulated variant.

Screenshot of the malicious website (Cloudflare)

The malicious application, while retaining elements of the original code, had been equipped with the capability to collect sensitive user data. This included access to contacts, call logs, text messages, account information, SIM card details, and a list of installed applications on the victim’s device.

To make matters worse, the malicious app operated stealthily in the background, continuously harvesting data from the compromised device. The stolen information was then sent to a remote server.

Although the data was encrypted, the use of RSA encryption with a bundled public key within the app made it theoretically possible for anyone intercepting the data packets to decrypt the information.

The website hosting the spyware-infested version of RedAlert has since been taken down. However, users who may have unwittingly installed this malicious application remain at risk. They are advised to take immediate action to cleanse their devices of the spyware.

To determine whether their devices have been compromised, users are urged to check the permissions that the app has requested. Suspicious permissions include access to call logs, contacts, phone features, and SMS capabilities. These indicators should be taken seriously to ensure the security of their devices and personal information.

While malicious **AI chatbots like WormGPT and FraudGPT** assist malicious actors in generating novel ideas with user-friendly technology, traditional cyber warfare tactics, such as hackvisits, persist. Presently, both pro-Palestinian and Israeli hackvisits **are focusing on** each other’s critical ICS products.

As hackers continuously innovate, it is crucial for users to remain vigilant and informed about safeguarding themselves from the ever-evolving landscape of cyber threats.

****_RELATED ARTICLES_****

1.  Israel’s Channel 10 TV Station Hacked by Hamas
2.  Hamas hacked the smartphones of over 100 IDF soldiers
3.  Hamas posed as women to con IDF into downloading malware
4.  Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack
5.  Hamas hacked phones of IDF soldiers with seductive phones of women

Hackers Target Israeli Rocket Alert App Users with Spyware

Categories: News
A list of topics we covered in the week of October 9 to October 15 of 2023



(Read more...)




The post A week in security (October 9 - October 15) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

For Personal

Windows Antivirus

Mac Antivirus

Android Antivirus

Free Antivirus

VPN App (All Devices)

Malwarebytes for iOS

See all

Company

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Rootkit Scanner

Trojan Scanner

Virus Scanner

Spyware Scanner  

Password Generator

Anti Ransomware Protection

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (October 9 - October 15)

The mobile application or the affected API suffers from an SQL Injection vulnerability. Input passed to the parameters that are associated to international transfer is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and disclose sensitive information.

Title: NLB mKlik Makedonija 3.3.12 SQL Injection  
Advisory ID: ZSL-2023-5797  
Type: Local/Remote  
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data  
Risk: (3/5)  
Release Date: 14.10.2023

**Summary**

NLB mKlik е мобилна апликација наменета за физички лица, корисници на услугите на НЛБ Банка, која овозможува преглед на различните продукти кои корисниците ги имаат во Банката како и извршување на различни видови на трансакции на едноставен и пред се безбеден начин во било кој период од денот. NLB mKlik апликацијата може да се користи со Android верзија 5.0 или понова.

**Description**

The mobile application or the affected API suffers from an SQL Injection vulnerability. Input passed to the parameters that are associated to international transfer is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and disclose sensitive information.

**Vendor**

NLB Banka AD Skopje - https://www.nlb.mk

**Affected Version**

3.3.12

**Tested On**

Android 13

**Vendor Status**

\[23.12.2022\] Vulnerability discovered.  
\[23.12.2022\] Vendor contacted.  
\[26.12.2022\] Vendor responds asking more details.  
\[28.12.2022\] Sent details to the vendor, not encrypted. Asked for confirmation and next steps.  
\[28.12.2022\] Vendor thanks us for the cooperation.  
\[06.01.2023\] Asked vendor for update and plan for fix mob/web?  
\[09.01.2023\] Vendor informs that our request has been received and will be reviewed within the responsible department. After the department responds we will be notified.  
\[20.01.2023\] Asked vendor to provide status update and confirmation and to communicate more often.  
\[23.01.2023\] Vendor informs that our request is sent to the responsible department. After the department responds we will be notified.  
\[13.10.2023\] No response from the vendor.  
\[14.10.2023\] Public security advisory released.

**PoC**

nlbmklik\_sqli.txt

**Credits**

Vulnerability discovered by Neurogenesia - <neurogenesia@segfault.mk\>

**References**

\[1\] https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production

**Changelog**

\[14.10.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

**PRESS RELEASE**

**REDWOOD CITY, Calif., October 11, 2023 –** Appdome, the mobile one-stop shop for mobile app defense, today released new threat evaluation tools inside ThreatScope™ Mobile XDR to deliver enhanced monitoring, investigation and threat evaluation for mobile apps and brands globally. Among the new tools is Threat-Inspect™, a powerful new ability to investigate, drill down, share and report on defenses, attacks and threats in the production environment. 

Appdome's ThreatScope™ Mobile XDR gathers thousands of threat signals from mobile app security, hacking, fraud, malware, cheat, and bot attacks from inside deployed mobile apps, and translates that data into brand relevant views that cyber, fraud and business teams can use to evaluate and respond to mobile threats and attacks in real time. The new evaluation tools include: (1) Threat-Inspect, for deep threat inspection, (2) Threat-Views™, for creating savable monitoring perspectives by app, device, OS, attacks and other parameters, and (3) Threat-Snapshots for ease of reporting and collaboration. ThreatScope Mobile XDR is pre-integrated with Appdome’s Cyber Defense Automation platform for Android & iOS apps for instant response to any cyber or fraud attack. 

"Real-time attack data from the native mobile app channel is full of surprises," said Tom Tovar, co-creator and CEO of Appdome. "Our new evaluation tools, including Threat-Inspect, allow even faster and deeper investigation into cyber and fraud data from the mobile channel and empower mobile brands to view this data from a business context."

The new threat evaluation features in ThreatScope Mobile XDR provide mobile businesses and brands: 

**Threat-Inspect™** allows cyber teams to pivot between "All" and “Unique” attacks as well as between attacks and “Impacted Devices,” to see the number of unique devices experiencing each attack. This new capability allows cyber responses to be tailored to the specific threat(s) in the production environment while also easing the remediation burden for mobile users and brands globally. 

A unique feature of Threat-Inspect is that it also can be used in conjunction with Appdome’s recently released Build-to-Test automated testing capability. Build2Test allows Appdome-protected mobile apps to be used inside automated mobile app testing suites, logging all security events for the developer to track and monitor. These logged security events are now visualized inside Threat-Inspect.  

**Threat-Views™** allows security teams to zoom in and monitor specific aspects of the mobile app defense, attack and threat data shown on ThreatScope. Create and save any number of Threat-Views to monitor one or more mobile applications, OS, OS Version, attack vector, mobile app release, Fusion Set (defense model), geographic region or other parameter. Threat-Views enable persistent business level viewing and analysis, which is essential for demonstrating ROI and keeping the overall mobile business safe. 

**ThreatScope Snapshots™**allow cyber teams to export and share real-time mobile app defense and attack snapshots from ThreatScope, Threat-Views or Threat-Inspect data. Use ThreatScope Snapshots to keep cyber, fraud, and business teams informed on progress in stopping security, fraud, malware, and other attacks, demonstrate compliance, or collaborate with other teams internally. 

Powering these features are new levels of metadata now available in ThreatScope. These include enhanced attack, threat and fraud metadata including geo-location, unique identifiers for threats and impacted installations as well as new options such as IP address and more. This metadata allows mobile brands to click to see all the in-production mobile apps and installations impacted by each attack or threat. Simply click on a specific attack or threat and choose the impact view needed by each business line. IP address and unique device data can now also be downloaded for offline analysis. 

"These enhancements to ThreatScope really raise the bar on actionable, interactive risk and threat intelligence for mobile apps," said Eric Newcomer, CTO and Principal Analyst at Intellyx. "You can drill down on device data to see which devices are impacted, and explore different views by geo-location, threat ID, and IP address – all in real time. And you can now capture and export the data for internal distribution."

Appdome's Threat-Scope Mobile XDR is the only XDR solution offering consolidated, real-time, cyber security, fraud, malware, cheat and bot attack and threat intelligence from in-production Android & iOS apps. With ThreatScope Mobile XDR, mobile brands, developers, cyber and fraud teams can immediately respond with updated security models, build-by-build and release-by-release and prioritize protections that have a real impact on the mobile business and users. The entire ThreatScope Mobile XDR capability inside Android & iOS apps without any burden on mobile dev teams, including no code, no SDK and no servers to deploy and, most importantly, no separate agent installed on the mobile device. 

"Once you see the data in ThreatScope Mobile XDR, you can't live without it," said Chris Roeckl, Chief Product Officer at Appdome. "Combining real-time data with instant action is the only way to combat the huge diversity, sophistication and relentlessness hackers, attackers and fraudsters use to compromise mobile apps, brands, and users globally."

For more information about ThreatScope™ Mobile XDR visit: www.appdome.com 

**About Appdome**  

Appdome, the mobile app economy’s one-stop-shop for mobile app defense, is on a mission to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only mobile application Cyber Defense Automation platform, powered by a patented artiﬁcial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, MOBILEBot™ Defense, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, all inside the mobile DevOps and CI/CD pipeline. Leading ﬁnancial, healthcare, mobile games, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

Appdome Announces Attack Evaluation Tools in Digital Economy's Mobile XDR

Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.

Encryption, authentication, and signing keys are often exposed in mobile fintech apps used across Africa, according to researchers at Approov, who found passwords, application programming interface (API) keys, and private keys for cryptography when the most commonly used apps were reverse-engineered.

**Risky Mobile Business**

Approov examined the top 10 apps based on revenue and downloads. The fintech apps included those offering loans, mobile banking, P2P money transfer, investment, and cryptocurrency services.

Trevor Henry Chiboora, research associate at CyLab-Africa, which conducted the study along with Approov, says some of the apps surveyed are used exclusively within Africa, and some are geolocked to regions within Africa. He also confirmed all the apps were downloaded from the Google Play Store.

The crypto apps were determined to be the worst when it comes to security, with 33.3% of them rated as high risk and 53.3% as medium risk.

The high-risk category is considered extremely dangerous if exposed, as they disclose private keys, keys for payment or transfer services, and "authentication" or "attestation" keys. Researchers said the exposure of these secrets could potentially lead to unauthorized access, data breaches, and compromised user privacy.

The medium-risk category secrets include sensitive data that, if exposed, could potentially compromise the confidentiality of user data and application functionality. Although not as critical as the high-severity secrets, the compromise of these secrets could still have significant repercussions.

Chiboora says there is neglect across the board when it comes to the levels of security in the apps, but crypto apps have a larger user base and geographical coverage than most other categories.

Research found 22.2% of personal finance apps were rated as high risk and 66.7% as medium risk. Payment and transfer apps were next worst, with 19.1% rated as high risk and 76.6% as medium risk. Of the total of 224 applications examined, only 5.4% revealed no details.

**The Secret Key Is Exposed**

To do the analysis, the researchers collected each app's ID and, using an automated script to download the Android Application Packages, the apps were reverse-engineered and scanned for risky items.

Cryptographic API keys, private keys, and passwords are used to authenticate the application and authorize access to protected resources or services, as well as to ensure the integrity and security of data exchanges between the application and a server.

Typically an API serves a dual purpose: It identifies the app to the backend API, and it validates the legitimacy of the requesting app, thereby establishing a clear link between the requesting entity and the API backend. This mechanism effectively prevents unauthorized or anonymous access attempts and provides a means to regulate the flow of data requests.

The researchers claimed that exposing API keys — especially those related to services like Google, AWS, and other cloud services — can result in unauthorized usage, which may incur unexpected costs or disrupt the functionality of integrated features.

"Keys are vital in the security and privacy of data as they authenticate and authorize access to services," Chiboora says, adding that most of the time these details are hidden from application users. "There are mobile cybersecurity methods that allow app developers to move these keys out of the app and into the cloud, which is a better approach and a recommendation for better security."

The researchers said this secret information is essential for verifying the identity of the application and protecting against unauthorized access, tampering, or data breaches. These secret keys are often present in the compiled source code of these applications and may also be inadvertently published to public repositories like GitHub.

Ted Miracco, CEO of Approov, said that as financial services become more digitized and accessible through mobile platforms across the world, the potential risks associated with the exposure of confidential information have escalated. "Developers can no longer depend on 'official' app stores or on native client OS security and must ensure that end-to-end security is built into the app itself," he said.

Pan-African Financial Apps Leak Encryption, Authentication Keys

Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards:
AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator) AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise AI-powered Bing integration in the Microsoft Start Application (iOS and Android) AI-powered Bing integration in the Skype Mobile Application (iOS and Android) Full details can be found on our bounty program website.

Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards:

*   AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)  
*   AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise 
*   AI-powered Bing integration in the Microsoft Start Application (iOS and Android)   
*   AI-powered Bing integration in the Skype Mobile Application (iOS and Android)

Full details can be found on our bounty program website.

As shared in our bounty year in review blog post last month, we are constantly growing, iterating, and evolving our bounty programs to help Microsoft customers stay ahead of the curve in the ever-changing security landscape and emerging technologies. The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems.

Thank you to all of the security researchers who accepted our invitation to join the security research challenge and to all who partner with us to find and fix vulnerabilities to protect Microsoft customers. Partnering with security researchers through our bug bounty programs is an essential part of Microsoft’s holistic strategy to protect customers from security threats. We value our partnership with the global security research community and are excited to expand our scope to include the AI-powered Bing experience.

Found a vulnerability in the AI-powered Bing experience? Share your findings by submitting a report through the MSRC Researcher Portal.

We are excited to learn and experiment with this new bounty program as our vulnerability management process for vulnerabilities in AI systems continues to get better. If you have any questions about this new program or any other security research incentive program, please email us at bounty@microsoft.com.

_Lynn Miyashita, MSRC_

Tag

#android