With my #Bitdefender vulnerability report being picked up, it's fascinating to watch journalists play the game of broken telephone. Very few publications base their reporting on my post; most copy other news publications, often without proper attribution and with added mistakes.
I think the crown so far goes to https://androidrookies.com/bitdefender-anti-virus-found-vulnerable-allowing-attackers-to-run-commands-remotely/ which is a confusing mix of Wikipedia info, my article and https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/ without any of the sources named. Some of my statements are marked as quotes, others are simply part of the text. And parts are just weird.
https://gbhackers.com/vulnerability-in-bitdefender-anti-virus/ on the other hand appears to be based on my blog post and the Bitdefender announcement only. But it somehow manages to misattribute my statements to Bitdefender while also mangling my other statements in an attempt to avoid placing them in quotation marks.
While https://www.securitynewspaper.com/2020/06/23/bitdefender-flaw-allows-hacking-your-phone-or-laptop-remotely/ copied the article from https://www.bleepingcomputer.com/news/security/bitdefender-fixes-bug-allowing-attackers-to-run-commands-remotely/ with few changes, they somehow decided that a Windows-only vulnerability can be used to hack your phone.
https://www.theregister.com/2020/06/24/bitdefender_security_hole/ got thoroughly confused by the Bitdefender announcement claiming that the vulnerability resides in the SAFEPAY browser. No, a malicious website doesn't need to be opened in this browser; the exploit works from any browser, as my post clearly states.
The author of https://www.softzone.es/noticias/seguridad/vulnerabilidad-rce-bitdefender-peligro-windows/ translated the BleepingComputer article into Spanish, carefully removing all image and discovery attribution in the process. When I pointed this out, he at least added a link to my blog post.