Cybersecurity

8004 readers

28 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (thehackernews.com)

submitted 6 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] eneff@discuss.tchncs.de 4 points 6 months ago (2 children)

Oof..

I had kept MikroTik in mind for a source of good value networking equipment, since I've heard many good things a few years ago, but apparently this has been an ongoing issue?

I'll need to do more research on this, but skimming this article I will probably avoid their products in the future.

[–] _thebrain_@sh.itjust.works 10 points 6 months ago* (last edited 6 months ago)

I have a mikrotik at home and generally believe it to be a very solid product. A take aways from this hack:

mikrotik doesn't bill themselves as "consumer grade". It's a huge learning curve to get started with them. There are graphical tools but it's not much different then Cisco or juniper. You can put in bad or faulty configurations and the router will happily do the bad or faulty things you told it to.
It only effects routers that are severely misconfigured routers. You need specific services turned on, and have dns grossly misconfigured. Depending on your use case at home it is doubtful a hone user would do this. Also
the man thing I don't like about my device is that the software isn't open source. The hardware is quite well known tho and there are ports of *wrt and opensense that run on it , plus you probably could just run a Linux distro on it if you wanted. The bootloader isn't locked down. It's an arm64 computer with a lot of network ports.

That being said I really like the router itself. Performance is great, price is amazing. It does anything and everything I ask it to.

[–] BarbecueCowboy@lemmy.world 4 points 6 months ago (1 children)

It kind of has been an issue for all the big brands. Ubiquiti has been hit a few times, I'm not sure that there's a perfect choice out there.

[–] Shadow@lemmy.ca 3 points 6 months ago

Opnsense