Cyber Security

Resecurity recognized for Ethical Vulnerability Disclosure

Resecurity, Inc. (USA), a global cybersecurity solutions provider protecting Fortune 500 and government agencies worldwide, is proud to announce that its esteemed HUNTER unit experts have been acknowledged for their exemplary ethical vulnerability disclosure in software products of major tech giants including Apple, Oracle, and Schneider Electric. These recognitions underline Resecurity’s commitment to fostering a safer digital landscape through responsible collaboration with software vendors and timely reporting of potential security vulnerabilities to protect businesses and users worldwide.

Contribution to Apple’s Security Bulletin

In a recent vulnerability bulletin released by Apple in July (2023), Resecurity® Managing Director (MENA), Ahmad Halabi was recognized for his diligent efforts in identifying and responsibly disclosing a security vulnerability (Apple web server security acknowledgment).

Impact on Oracle’s Security Program

In a recent Oracle Critical Patch Update Advisory – July 2023, Resecurity® Offensive Cyber Security Researcher, Mohamed Veten, has been acknowledged by Oracle for his significant contribution within the scope of the Oracle On-Line Presence Security program. Cybersecurity researchers are acknowledged for contributions relating to Oracle’s on-line presence if they provide information, observations or suggestions pertaining to security-related issues that result in significant modification to Oracle’s on-line external-facing systems. Veten’s ethical disclosure demonstrates the power of collaboration between security researchers and software vendors.

Resecurity HUNTER Unit’s Role in Schneider Electric’s Advisory

In a recent security advisory issued by Schneider Electric, Resecurity® HUNTER unit was acknowledged for its role in ethical vulnerability disclosure in Accutech Manager (version 2.7 and prior). Resecurity successfully identified and assisted Schneider Electric Product Security Team to patch a vulnerability in the Accutech Manager product (CVE-2023-29414 / SEVD-2-23-192-03). This discovery underscores the unit’s prowess in identifying vulnerabilities that could potentially compromise the integrity of essential industrial systems. Schneider Electric’s acknowledgment reflects the unit’s unwavering dedication to contributing to a safer industrial ecosystem. Ensuring the protection of the energy and industrial sector is a top priority for a safe digital future, that’s why Resecurity is committed to safeguarding critical infrastructure globally.

Responsible Vulnerability Disclosure: A Core Mission

Gene Yoo, CEO of Resecurity, emphasized the pivotal role of responsible vulnerability disclosure in the company’s mission to bolster software security and protect customers. “Responsible vulnerability disclosure is one of the key components of our mission to help software vendors make their products safer and customers more protected,” stated Yoo. He further highlighted the commitment of Resecurity’s HUNTER unit in actively participating in cybercrime investigations and collaborating with international law enforcement agencies.

The Excellence of the Resecurity HUNTER Unit

Resecurity’s HUNTER unit, established in 2016, is at the forefront of actionable cyber threat intelligence gathering and managed Threat Hunting for prestigious clients, including Fortune 500 companies and government agencies worldwide. Comprising experts from over 30 countries, including the U.S., Canada, Italy, India, Jordan, Lebanon, Vietnam, Egypt, and UAE, the unit showcases Resecurity’s dedication to fostering diverse talent for cutting-edge research and threat mitigation.

Gene Yoo further commended the HUNTER unit’s role in proactively patching vulnerabilities in technology industry giants. “The team did an amazing job in helping technology industry giants to patch vulnerabilities at the early stage when they were unknown and had zero-day status,” said Yoo. He emphasized the importance of ethical practices in vulnerability disclosure and collaborative partnerships with software industry stakeholders as foundational to Resecurity’s values.

Vulnerabilities identified by the Resecurity® HUNTER team:

CVE-2023-29414
Credit: Resecurity, Inc.
Schneider Electric Accutech Manager (2.7 and prior) – Classic Buffer Overflow
This high-rated issue, with a CVSS v3.1 Base Score of 7.8, is related to a Classic Buffer Overflow exploitation (CWE-120). It could result in user privilege escalation if a local user sends a specific string input to a local function call.

CVE-2021-26115
Credit: Resecurity, Inc.
FortiWAN – OS Command Injection leads to privilege escalation
An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. Affected Products: FortiWAN versions 4.5.7 and below.

CVE-2019-1429
Credit: Resecurity, Inc.
Microsoft Internet Explorer (IE) Remote Code Execution (RCE)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

CVE-2019-3028
Credit: Resecurity, Inc.
Oracle VM VirtualBox Virtualization Core Compromise
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVE-2019-0880
Credit: Resecurity, Inc.
Microsoft splwow64 Elevation of Privilege Vulnerability
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.

CVE-2018-4097
Credit: Resecurity, Inc.
macOS High Sierra 10.13.2 Arbitrary Code Execution with Kernel Privileges
An application may be able to execute arbitrary code with kernel privileges (macOS High Sierra 10.13.2, macOS Sierra 10.12.6). Description: A logic issue was addressed with improved validation

Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!

Related posts

Third Wave Innovations announced a strategic partnership with PCS

PR Newswire

GrowPath Adds 3rd Cybersecurity Patent, 26th Overall

PR Newswire

ZeroFox Bolsters International Breach Response Capabilities

GlobeNewswire