<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <br>
    -----BEGIN PGP SIGNED MESSAGE----- <br>
    Hash: SHA256 <br>
     <br>
    [fr en dessous]<br>
    <br>
    Hi cmNOGers,<br>
    ...are you a Mikrotik User ?<br>
    Please read below.<br>
    Regards,<br>
    <br>
    [fr]<br>
    Ch.e.è.r.e cmNOG-iste,<br>
    ...Utilisat.eu.r.ice Mikrotik ?<br>
    Prière de lire en dessous.<br>
    <br>
    Cordialement,<br>
    [/fr]<br>
    <br>
    - --sb.<br>
    __<br>
    <a class="moz-txt-link-freetext" href="http://www.chretiennement.org">http://www.chretiennement.org</a><br>
    <br>
    <br>
    Le jeu. 2 août 2018 1:04 PM, de Brenna Thomas <<a class="moz-txt-link-abbreviated" href="mailto:brenna@cymru.com">brenna@cymru.com</a>
    <a class="moz-txt-link-rfc2396E" href="mailto:brenna@cymru.com"><mailto:brenna@cymru.com></a>> :<br>
    <br>
        Title: Massive Coinhive Cryptojacking Campaign Infects 170,000
    MikroTik<br>
        Routers<br>
        Source: Catalin Cimpanu, Bleeping Computer<br>
        Date Published: August 2, 2018<br>
        Excerpt:<br>
    <br>
        "According to Kenin, the attacker used one of those PoCs to
    alter<br>
        traffic passing through the MikroTik router and inject a copy of
    the<br>
        Coinhive library inside all the pages served through the router.<br>
    <br>
        We know it's only one threat actor exploiting this flaw because
    the<br>
        attacker used only one Coinhive key for all the Coinhive
    injections he<br>
        performed during the past week.<br>
    <br>
        Furthermore, Kenin says that he also identified some cases where<br>
        non-MikroTik users were also impacted. He says this was
    happening<br>
        because some Brazilian ISPs were using MikroTik routers for
    their main<br>
        network, and hence the attacker managed to inject the malicious
    Coinhive<br>
        code in a massive amount of web traffic.<br>
    <br>
        In addition, Kenin says that because of the way the attack was<br>
        performed, the injection worked both ways, and not necessarily
    only for<br>
        traffic going to the user. For example, if a website was hosted
    on a<br>
        local network behind an affected MikroTik router, traffic to
    that<br>
        website would also be injected with the Coinhive library."<br>
    <br>
    <br>
        To read the complete article see:<br>
    <br>
       
<a class="moz-txt-link-rfc2396E" href="https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-infects-170-000-mikrotik-routers/"><https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-infects-170-000-mikrotik-routers/></a><br>
    <br>
        [...]<br>
    <br>
    <br>
    <br>
    - -- <br>
    <br>
    Regards,<br>
    Sylvain B.<br>
    __<br>
    Website : <a class="moz-txt-link-freetext" href="https://www.cmnog.cm">https://www.cmnog.cm</a> <a class="moz-txt-link-rfc2396E" href="https://www.cmnog.cm/"><https://www.cmnog.cm/></a><br>
    Wiki : <a class="moz-txt-link-freetext" href="https://www.cmnog.cm/dokuwiki">https://www.cmnog.cm/dokuwiki</a><br>
    Surveys : <a class="moz-txt-link-freetext" href="https://survey.cmnog.cm">https://survey.cmnog.cm</a> <a class="moz-txt-link-rfc2396E" href="https://survey.cmnog.cm/"><https://survey.cmnog.cm/></a><br>
    Subscribe to Mailing List :
    <a class="moz-txt-link-freetext" href="https://lists.cmnog.cm/mailman/listinfo/cmnog/">https://lists.cmnog.cm/mailman/listinfo/cmnog/</a><br>
    Mailing List's Archives : <a class="moz-txt-link-freetext" href="https://lists.cmnog.cm/pipermail/cmnog/">https://lists.cmnog.cm/pipermail/cmnog/</a><br>
    Last Event's Feed : <a class="moz-txt-link-freetext" href="https://twitter.com/#cmNOGlab3">https://twitter.com/#cmNOGlab3</a><br>
    <a class="moz-txt-link-freetext" href="https://twitter.com/cmN0G">https://twitter.com/cmN0G</a> |<br>
    <a class="moz-txt-link-freetext" href="https://facebook.com/cmNOG">https://facebook.com/cmNOG</a><br>
    <a class="moz-txt-link-freetext" href="https://twitter.com/#REBOOTcmNOG">https://twitter.com/#REBOOTcmNOG</a><br>
    <a class="moz-txt-link-freetext" href="https://twitter.com/#cmNOG">https://twitter.com/#cmNOG</a><br>
    <a class="moz-txt-link-freetext" href="https://cmnog.wordpress.com/">https://cmnog.wordpress.com/</a><br>
    <br>
    <br>
    -----BEGIN PGP SIGNATURE----- <br>
    Version: GnuPG v2 <br>
     <br>
    iQIcBAEBCAAGBQJbYycaAAoJEAOHQINlrIWU0H0P/0ahZ7AbEdE1ClCbJFSDAl4S <br>
    LjnSENHf2RZYZOxUbcS2H2LLJTCCrDgsvl8aW+T1HKIfyDr7czwl/OSfUJFVI/7R <br>
    nOd18dWWT/o5UEy2aG0Bm9PiH4gs4v602gkLdEaZA27HTK1/927Z+Cvj6KzEEm2H <br>
    vm31milh4EAa7ZGwZYVK4yCfIBg/Rsjx5HYeO8IFLecD6hLwhxWH/BsEEnUHvEqd <br>
    U9TclnIm0PAMRr2KKefV8zr3hr4q/n1VGbHVTQDzrqvtmlnqWklFeHmlHuCiSyqM <br>
    coGXNjVU1g/V1/2WXKq8p7b/lcpKzHWEb8CG4bLkVSs6U2WpV2+Fquwh6mSGBHeV <br>
    1zKW5zeFhpjvvAK5dmlx3jIi7GOmZTfvLzbIXcWCYZBqC1QCaoGPilU0iVlcEurC <br>
    IDohtCGcv5tdiK+OBONWCe5IgKqCI7QtNHwsQbJjra0I60nlVP4KRN+CXbbovrNP <br>
    980KI6XrTv/36jtnmmqWsCJFXnmGMEeCcgzOPYH+0Lo726VE0VQKSKCiWsRH036B <br>
    huQ2zih/ZrPiFcAw9cZj/VyNqMJojUG77achDJqZss/B35QEbBHpApfalJvFuHpV <br>
    b6XajeAQN38PqhFLMKnWOKtPq86G+Hh4ruu8PNKymw00yWX9WN9t1cndARtBx6HU <br>
    Rbegoi6XXWb5F5PjPOY4 <br>
    =qken <br>
    -----END PGP SIGNATURE----- <br>
    <br>
  </body>
</html>