The #BingBang vulnerability found by Hillai Ben-Sasson / Wiz Research

#microsoft / #vulnerability / #bing #azure / #HillaiBenSasson <https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration> / <https://youtube.com/watch?v=hctqRgQW4IU>

I risultati di Bing possono essere falsificati utilizzando la falla di sicurezza BingBang

Gli esperti di sicurezza hanno scoperto un bug di sicurezza, al quale è stato dato il nome di #BingBang.

Hanno scoperto che una configurazione errata di Azure Active Directory (#AAD) potrebbe portare alla #compromissione delle #SERP di Bing[.]com, agli attacchi #XSS e alla compromissione degli account utente di Office 365.

Il #bug ha fatto guadagnare ai #ricercatori una ricompensa di 40.000 dollari.

#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity

https://www.redhotcyber.com/post/i-risultati-di-bing-possono-essere-falsificati-utilizzando-la-falla-di-sicurezza-bingbang/

Just when you thought your online searches were safe, #Microsoft's #Bing search engine gets hit by a potential breach due to #Azure Active Directory misconfiguration. User information including emails, calendars, and messages were also at risk. #BingBang #cybersecurity https://www.theregister.com/2023/03/30/wiz_bing_takeover/

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️

User hacked into Microsoft #Bing #CMS

#Microsoft and security ... lol....

---
RT @hillai
I hacked into a @bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️
https://twitter.com/hillai/status/1641146508639600646

Το «Ελληνικό CERN» που βρίσκεται σε βάθος 5.200 μέτρων στο Ιόνιο https://kirkinews.gr/articles/to-elliniko-cern-pou-vrisketai-se-vathos-5-200-metron-sto-ionio/?utm_source=dlvr.it&utm_medium=mastodon #ΑΡΘΡΑ #BINGBANG #ΕΛΛΗΝΙΚΟCERN #ΙΟΝΙΟ #ΠΕΙΡΑΜΑ