I’ve tried to contact MTCaptcha using their two documented email addresses (info@ and support@) but didn’t get any response. If you know someone there I’d appreciate an email address.
1 Like
So the company has one (1) employee on LinkedIn, so if anyone has 1st or 2nd degree access to this LinkedIn account’s employee page: https://www.linkedin.com/company/mtcaptcha/
I left them a comment: MTCaptcha on LinkedIn: 95 Top San Francisco Cyber Security Companies and Startups of 2021
If nothing happens and it’s not a CVE, it’s probably useless to report it publicly.
Since it’s used by ABB (ICS), I would FORWARD the email your sent already to
ABB and CC: [email protected]
I would consider it ICS, so just forward the first email you sent to ABB and CC ICS CERT (above).
Once you’ve done all that, and if nobody responds, wait a wait, then you can probably just think about going public.
1 Like
Thanks for looking into this!
I did see their LinkedIn and the article you mentioned, but didn’t think of leaving a comment there.
ABB doesn’t seem to be using them anymore. I did find a few companies using them on Shodan/Censys, but none of them appear to have disclosure policies except for the BBP where I orignaly reported the vulnerability.
Damn, you could try [email protected]
[email protected] will go directly to the domain owner, via the WHOIS.
Abuse should work pretty quick though!
1 Like