MikroTik Router | Breaking Cybersecurity News | The Hacker News

A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year. The vulnerability, identified as CVE-2018-14847, was initially rated as medium in severity but should now be rated critical because the new hacking technique used against vulnerable MikroTik routers allows attackers to remotely execute code on affected devices and gain a root shell. The vulnerability impacts Winbox—a management component for administrators to set up their routers using a Web-based interface—and a Windows GUI application for the RouterOS software used by the MikroTik devices. The vulnerability allows "remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.&qu

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks . Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July. The vulnerability in question is Winbox Any Directory File Read (CVE-2018-14847) in MikroTik routers that was found exploited by the CIA Vault 7 hacking tool called Chimay Red , along with another MikroTik's Webfig remote code execution vulnerability. Both Winbox and Webfig are RouterOS management components with their corresponding communication ports as TCP/8291, TCP/80, and TCP/8080. Winbox is designed for Windows users to easily configure the routers that download some DLL files

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing. The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time. The security flaw can potentially allow an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router. The first campaign, noticed by Trustwave researchers, began with targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 Mikro