Microsoft will do more than pay researchers bounties for finding and reporting vulnerabilities in Microsoft Account and Azure Active Directory in its Microsoft Identity Bounty Program. The company also wants vulnerabilities in select OpenID standards.
Recently, Microsoft patched a vulnerability that could be used in phishing attacks to direct users to malicious websites. The security update is available in March’s Patch Tuesday, which included two months of updates and 18 security bulletins - 9 of which were rated as critical.
Recently, phishing attacks against Gmail users, a major U.S. financial services provider, and Android app users have revealed unique ways to deliver malware and steal login credentials.