Vietnamese white-hat hackers' discovery of vulnerabilities of large systems has contributed to affirming the global capacity of the domestic cybersecurity team.
Tran Van Khang, Head of Malware Analysis Team, VinCSS Cybersecurity Services Co., Ltd, a subsidiary of Vingroup, has been recognized for detecting six publicly disclosed computer security flaws (Common Vulnerabilities and Exposures CVE) in Adobe and Microsoft software. This brings the total number of zeroday security vulnerabilities discovered by VinCSS to 80 CVEs.
Network security expert Tran Van Khang.
CVE is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that's been assigned a CVE ID number. CVEs help IT professionals coordinate their efforts to prioritize and address these vulnerabilities to make computer systems more secure. CVE is overseen by the MITRE corporation with funding from the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security.
On September 14, Adobe released patches for the security vulnerabilities of the Windows-based Adobe Framemaker application. Specifically, three vulnerabilities were detected by Vietnamese expert Khang. These vulnerabilities are recorded at a serious level, affecting users in many countries because of the popularity of the application.
Shortly after, on September 15, Khang was recognized by Microsoft for the detection of three serious security vulnerabilities that exist in the applications of the Microsoft 365 Apps for Enterprise product.
These vulnerabilities allow hackers to hijack the victim’s devices, gain access to an organization's network, and perform dangerous cybersecurity breaches that can cause great damage to businesses.
Adobe records the discovery of 3 security vulnerabilities of white hat hacker Tran Van Khang.
During nearly three years working at VinCSS, Khang has detected 27 CVE. Most of them were found in products of major technology companies in the world such as Microsoft, Adobe and popular anti-virus software of Trend Micro, McAfee, Bitdefender, ESET. These findings have helped technology companies promptly fix and remove the threat to billions of users globally.
In April 2019, Khang became the first Vietnamese to obtain a GREM (GIAC Reverse Engineering Malware) certificate issued by the SANS Institute (USA). The certificate shows his ability to work at the international level.
In the field of network security, finding Zero Day vulnerabilities is considered very influential because these vulnerabilities are often not known by product developers. Therefore, proactive activities to detect Zero Day vulnerabilities play an important role in helping organizations promptly update new versions, and improve product security to protect users around the world against cyber risks.
Security vulnerabilities are recognized around the world and are posted on the National Vulnerability Database (nvd.nist.gov) of the National Institute of Standards and Technology (USA).
The outstanding achievements of Khang and other Vietnamese security experts in detecting the weaknesses of large systems such as Oracle, D-Link, VMware, and Microsoft have contributed to affirming the global capacity of the Vietnamese cybersecurity team.
Nguyen Tuan Anh, security expert of Viettel Cyber Security, surpassed more than 25,000 "white hat hackers" in the world to top the June 2021 rankings of Bugcrowd, the world's largest security vulnerability search platform.