U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

A Russian-speaking hacker, who goes by the name of Alexey, claims to have hacked into over 100,000 MikroTik routers with a specific intent, disinfect them. Earlier August, experts uncovered a massive crypto jacking campaign that was targeting  MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. The campaign started in Brazil, but it rapidly expanded to […]

Mikrotik routers vulnerable

A Russian-speaking hacker, who goes by the name of Alexey, claims to have hacked into over 100,000 MikroTik routers with a specific intent, disinfect them.

Earlier August, experts uncovered a massive crypto jacking campaign that was targeting  MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic.

The campaign started in Brazil, but it rapidly expanded to other countries targeting MikroTik routers all over the world, over 200,000 devices were compromised.

In September thousands of unpatched MikroTik Routers were involved in new cryptocurrency mining campaigns.

Threat actors also exploited the exploit code for the CVE-2018-14847 vulnerability in MikroTik routers to recruit them in botnets such as Mirai and VPNFilter.

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator.

Alexey described his activity on a Russian blogging platform, he explained he hacked into the routers to change settings and prevent further compromise.

“I added firewall rules that blocked access to the router from outside the local network,” Alexey wrote.

“In the comments, I wrote information about the vulnerability and left the address of the @router_os Telegram channel, where it was possible for them to ask questions.”

Alexey changed settings for over 100,000 users, but only 50 users contacted his via Telegram but of them were angry for the intrusion.

According to the researcher Troy Mursch, currently, there are over 420,000 MikroTik routers exposed only that have been abused in cryptocurrency-mining campaigns.

MikroTik routers continue to be under attack, and the situation is getting worse because of the availability of a new PoC code.

The new attack technique was recently discovered by experts at Tenable Research and it could be exploited by remote attackers to execute arbitrary code on the vulnerable devices.

The experts at Tenable Research presented the technique on October 7 at DerbyCon 8.0 during the talk “Bug Hunting in RouterOS” at Derbycon, it leverages a known directory traversal flaw tracked as CVE-2018-14847.

Mikrotik routers vulnerable

Just to be clear, despite Alexey has broken into the infected routers to sanitize them, this action is technically considered a cybercrime.

The bad aspect of the story is that even if security patches have been available for months, ISPs and owners of the home routers still have installed them.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – MikroTik routers, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]