Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them.

In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider Mikrotik across the world, with the number still increasing as of writing.

The hackers have been exploiting a known vulnerability in the Winbox component of MikroTik routers that was discovered in April this year and patched within a day of its discovery, which once again shows people's carelessness in applying security patches on time.
We’ll start this story right at the end:

  • Users and sysadmins. Patch early, patch often.
  • Vendors and programmers. Don’t store plaintext passwords.
In this particular case, the vulnerable devices under attack are Mikrotik routers that haven’t been patched since April 2018.

Security researcher Simon Kenin at Trustwave pieced the story together, following reports that there seemed to be a surge of web-based cryptojacking in Brazil.

Kenin quickly realised that Brazil was something of a red herring in the story, because the attack was happening wherever the crooks could find unpatched Mikrotik routers.
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system.

Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre variant 1, abuses speculative execution to perform bounds-check bypass and can be used to defeat address-space layout randomization on the remote system.
You never know what you will find on the hidden Internet 'Dark Web.'

Just about an hour ago we reported about someone selling remote access linked to security systems at a major International airport for $10.

It has been reported that a hacker was found selling sensitive US Air Force documents on the dark web for between $150 and $200.

Cybercrime tracker Recorded Future today reported that it discovered a hacker attempting to sell secret documents about the MQ-9 Reaper drone used across federal government agencies for only a few hundred dollars on a Dark Web forum last month.
A former employee of one of the world's most powerful hacking companies NSO Group has been arrested and charged with stealing phone hacking tools from the company and trying to sell it for $50 million on the Darknet secretly.

Israeli hacking firm NSO Group is mostly known for selling high-tech malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world.
Norway almost broke its own record for passenger plug-in electric car sales in June.
The nation noted its 3rd best monthly result (within 1% of the previous two records).

In total, 7,973 new passenger plug-in electric cars were registered last month (up 32.7%) and that’s more than half of all car registrations nationwide. The market share stands at 50.3% (second best ever result and the third time the figure has been above 50%).

The average share for the first six months of this year stands at nearly 47% and 35,766 registrations translate to average growth of 32.6%.
The National Court of Justice of Ecuador has ordered the preventive detention of the country's former president Rafael Correa and requested that Interpol apprehend him for extradition.
The request for Correa’s detention was filed by the country’s chief prosecutor on Tuesday. The prosecution is accusing Correa, who served as the president of Ecuador from 2007 to 2017, of being involved in the kidnapping of Fernando Balda, a former opposition lawmaker, in 2012 in Colombia - charges that Correa vehemently denies.
If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely.

A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even can re-route them to malicious or phishing websites.

LTE, or Long Term Evolution, is the latest mobile telephony standard used by billions of people designed to bring many security improvements over the predecessor standard known as Global System for Mobile (GSM) communications.