Mirai botnet is back — now as "Meris"

Peace,

An undisclosed (or, even, yet undiscovered by the vendor)
vulnerability in SOHO Mikrotik routers seems to be exploited by
someone.
Approx. 328 thousand devices already joined the botnet, with each
having unrestricted access to the uplink (up to 1 Gbps). 42,6% of
exploited devices reside in the U.S.

https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/

I didn't know Mikrotik was so popular in North America!
Patching all those SOHO WiFi routers must be fun...

Mikrotik is a very popular router in small to medium ISPs, running, well, everything.

Oof. I wonder if there is any connection to their DDNS service outage a couple days ago?
https://forum.mikrotik.com/viewtopic.php?t=178256

Peace,

> Oof. I wonder if there is any connection to their DDNS service outage a couple days ago?
> mynetname.net is suspended - MikroTik

No, hardly any. That one seems to be just a DNS abuse
reporting/delegation issue.

...well, by some wild extension one could imagine that the botnet
operator reported some fake issue just to have the vendor's
infrastructure blocked. Therefore, IoT vendors that don't enforce
security updates on the devices they sell should expect criminals to
go to great lengths to keep their update servers and the
infrastructure down once some RCE vulnerabilities are found. But
that's a wild extension.

No rest for the wired :)