![]() These steps must be done by the users themselves," the company explained. We don't have an illegal backdoor to change the user's password and check their firewall or configuration. ![]() ![]() "Unfortunately, closing the old vulnerability does not immediately protect the affected routers. In a statement shared with The Hacker News, the Latvian company said that "there are no new vulnerabilities in RouterOS," while stressing that keeping the operating system up to date is an "essential step to avoid all kinds of vulnerabilities." In a separate report, the enterprise cybersecurity firm said that the operators of a botnet known as Manga aka Dark Mirai are actively abusing a recently disclosed post-authenticated remote code execution vulnerability ( CVE-2021-41653) to hijack TP-Link routers and co-opt the appliances to their network of infected devices. Researchers from Fortinet this week disclosed how the Moobot botnet is leveraging a known remote code execution (RCE) vulnerability in Hikvision video surveillance products ( CVE-2021-36260) to grow its network, and use the compromised devices to launch distributed denial-of-service (DDoS) attacks. MikroTik routers are far from the only devices to have been co-opted into a botnet. ![]() As with previous attacks, enterprise traffic could be tunneled to another location or malicious content injected into valid traffic," the researchers added. "An attacker could use well-known techniques and tools to potentially capture sensitive information such as stealing MFA credentials from a remote user using SMS over WiFi.
0 Comments
Leave a Reply. |