InfoSecBulletin Cybersecurity for mankind
Bitdefender said a vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates.
Specifically, if a site certificate lacks the “Server Authentication” specification in the Extended Key Usage extension, the product does not verify the certificate’s compliance with the site, deeming such certificates as valid.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
The vulnerability tracked as CVE-2023-6055 could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. a severity score of 8.6 on the CVSSv4 scale, indicating the high risk they pose to users’ security.
“A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates,” the advisory states.
Bitdefender has quickly resolved this vulnerability with an automatic update to version 27.0.25.115, which fixes the issue, as confirmed in the advisory for each CVE.
Bitdefender Total Security users should update their software to the latest version to reduce risks. This highlights the need to stay vigilant about software updates and security patches, even for trusted products.
