No Image

Microsoft Bounty Programs Expansion – Bounty for Defense, Authentication Bonus, and RemoteApp

2015-08-06 KENNETH 0

I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit https://aka.ms/BugBounty. We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to announce that we are launching a bonus period for Authentication vulnerabilities in the Online Services Bug Bounty. We will be running an onsite contest at Black Hat in Las Vegas, August 5-6, related to this effort. Lastly, we are adding RemoteApp to the list of domains covered in the Online Services Bug Bounty. The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback and opportunities brought to us from the Security Research Community. Raising the [ more… ]

No Image

Microsoft Bounty Programs Expansion – Bounty for Defense, Authentication Bonus, and RemoteApp

2015-08-05 KENNETH 0

Microsoft Bounty Programs Expansion – Bounty for Defense, Authentication Bonus, and RemoteApp I am very pleased to be releasing additional expansions of the Microsoft Bounty Programs. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit https://aka.ms/BugBounty. We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to announce that we are launching a bonus period for Authentication vulnerabilities in the Online Services Bug Bounty. We will be running an onsite contest at Black Hat in Las Vegas, August 5-6, related to this effort. Lastly, we are adding RemoteApp to the list of domains covered in the Online Services Bug Bounty. The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback [ more… ]

No Image

WordPress 4.2.4 Security and Maintenance Release

2015-08-05 KENNETH 0

출처 : https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update [ more… ]

No Image

WordPress 4.2.4 Security and Maintenance Release

2015-08-04 KENNETH 0

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites [ more… ]

No Image

WordPress 4.3 Release Candidate

2015-07-30 KENNETH 0

The release candidate for WordPress 4.3 is now available. We’ve made more than 100 changes since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.3 on Tuesday, August 18, but we need your help to get there. If you haven’t tested 4.3 yet, now is the time! Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here. To test WordPress 4.3 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip). For more information about what’s new in version 4.3, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog [ more… ]