Author Archives: CSIRT

Fortinet, Shopify and more report issues after root CA certificate from Lets Encrypt expires

By Jonathan Greig A number of websites and services reported issues on Thursday thanks to the expiration of a root certificate provided by Let’s Encrypt, one of the largest providers of HTTPS certificates.  At around 10 am ET, IdentTrust DST Root CA X3 expired according to Scott Helme, founder of Security Headers. He has been tracking […]

Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts

A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. Cybercriminals are using Telegram bots to steal one-time password tokens (OTPs) and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found. Researchers from Intel 471 discovered […]

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

By Tara Seals Unauthenticated cyberattackers can also wreak havoc on networking device configurations. Cisco is warning three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its enterprise networking portfolio. The flaws impact Cisco’s wireless controllers, SD-WAN offering and configuration mechanisms in use for scads of products. The networking […]

TangleBot Malware Reaches Deep into Android Device Functions

By Tara Seals The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others. An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According […]

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

By Lisa Vaas Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Guardicore security researcher Amit Serper has discovered a severe design bug in Microsoft Exchange’s autodiscover (https://docs.microsoft.com/en-us/exchange/architecture/client-access/autodiscover?view=exchserver-2019) – a protocol that lets users easily configure applications such as Microsoft Outlook with just […]