A major security exploit that let researchers change Bing search results was revealed this week.
The vulnerability was discovered in January by cybersecurity research company Wiz and reported to the Microsoft Security Response Center (MSRC).
In a Twitter thread, Wiz researcher Hillai Ben-Sasson explained how he was able to hack into Bing's content management system (CMS). By logging into Microsoft's cloud computing platform Azure, he discovered that he could grant all users access to internal Microsoft apps. He then accessed a database of Bing's search results. From there, Ben-Sasson figured out that he could actually modify what showed up in the results.
Wiz researchers also discovered that Bing was vulnerable to a Cross-Site Scripting (XSS) attack and found that they had access to sensitive Office 365 data, including Outlook emails, Calendar information, and Teams messages. MSRC detailed security updates and shared recommendations for Azure AD admins and developers in its blog post.
The purpose of the researchers' experiment was to show that the attack was possible and to share their findings with Microsoft. But it shows how malicious hackers could have wreaked havoc for Bing.
"A malicious actor with the same access could’ve hijacked the most popular search results with the same payload and leak sensitive data from millions of users," said the Wiz blog post. Luckily it was caught before any major damage was done.
Microsoft confirmed that it has been fixed as of March 29. Wiz received a $40,000 "bug bounty" for reporting the vulnerability, which it plans to donate to an unspecified recipient.