<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
[fr below]<br>
<br>
Hi cmNOGers,<br>
...are you a MikroTik user?<br>
Please read below.<br>
Regards,<br>
<br>
[fr]<br>
Dear cmNOG member,<br>
...a MikroTik user?<br>
Please read below.<br>
<br>
Regards,<br>
[/fr]<br>
<br>
- --sb.<br>
__<br>
<a class="moz-txt-link-freetext" href="http://www.chretiennement.org">http://www.chretiennement.org</a><br>
<br>
<br>
On Thu, Aug 2, 2018 1:04 PM, Brenna Thomas &lt;<a class="moz-txt-link-abbreviated" href="mailto:brenna@cymru.com">brenna@cymru.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:brenna@cymru.com">&lt;mailto:brenna@cymru.com&gt;</a>&gt; wrote:<br>
<br>
Title: Massive Coinhive Cryptojacking Campaign Infects 170,000 MikroTik Routers<br>
Source: Catalin Cimpanu, Bleeping Computer<br>
Date Published: August 2, 2018<br>
Excerpt:<br>
<br>
"According to Kenin, the attacker used one of those PoCs to alter traffic passing through the MikroTik router and inject a copy of the Coinhive library inside all the pages served through the router.<br>
<br>
We know it's only one threat actor exploiting this flaw because the attacker used only one Coinhive key for all the Coinhive injections he performed during the past week.<br>
<br>
Furthermore, Kenin says that he also identified some cases where non-MikroTik users were also impacted. He says this was happening because some Brazilian ISPs were using MikroTik routers for their main network, and hence the attacker managed to inject the malicious Coinhive code in a massive amount of web traffic.<br>
<br>
In addition, Kenin says that because of the way the attack was performed, the injection worked both ways, and not necessarily only for traffic going to the user. For example, if a website was hosted on a local network behind an affected MikroTik router, traffic to that website would also be injected with the Coinhive library."<br>
<br>
<br>
To read the complete article see:<br>
<br>
<a class="moz-txt-link-rfc2396E" href="https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-infects-170-000-mikrotik-routers/">&lt;https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-infects-170-000-mikrotik-routers/&gt;</a><br>
<br>
[...]<br>
<br>
<br>
<br>
- -- <br>
<br>
Regards,<br>
Sylvain B.<br>
__<br>
Website : <a class="moz-txt-link-freetext" href="https://www.cmnog.cm">https://www.cmnog.cm</a> <a class="moz-txt-link-rfc2396E" href="https://www.cmnog.cm/">&lt;https://www.cmnog.cm/&gt;</a><br>
Wiki : <a class="moz-txt-link-freetext" href="https://www.cmnog.cm/dokuwiki">https://www.cmnog.cm/dokuwiki</a><br>
Surveys : <a class="moz-txt-link-freetext" href="https://survey.cmnog.cm">https://survey.cmnog.cm</a> <a class="moz-txt-link-rfc2396E" href="https://survey.cmnog.cm/">&lt;https://survey.cmnog.cm/&gt;</a><br>
Subscribe to Mailing List :
<a class="moz-txt-link-freetext" href="https://lists.cmnog.cm/mailman/listinfo/cmnog/">https://lists.cmnog.cm/mailman/listinfo/cmnog/</a><br>
Mailing List's Archives : <a class="moz-txt-link-freetext" href="https://lists.cmnog.cm/pipermail/cmnog/">https://lists.cmnog.cm/pipermail/cmnog/</a><br>
Last Event's Feed : <a class="moz-txt-link-freetext" href="https://twitter.com/#cmNOGlab3">https://twitter.com/#cmNOGlab3</a><br>
<a class="moz-txt-link-freetext" href="https://twitter.com/cmN0G">https://twitter.com/cmN0G</a> |<br>
<a class="moz-txt-link-freetext" href="https://facebook.com/cmNOG">https://facebook.com/cmNOG</a><br>
<a class="moz-txt-link-freetext" href="https://twitter.com/#REBOOTcmNOG">https://twitter.com/#REBOOTcmNOG</a><br>
<a class="moz-txt-link-freetext" href="https://twitter.com/#cmNOG">https://twitter.com/#cmNOG</a><br>
<a class="moz-txt-link-freetext" href="https://cmnog.wordpress.com/">https://cmnog.wordpress.com/</a><br>
<br>
<br>
-----BEGIN PGP SIGNATURE----- <br>
Version: GnuPG v2 <br>
-----END PGP SIGNATURE----- <br>
<br>
</body>
</html>