More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.

This is according to researchers from 360 Netlab, who found the routers had all been taken over via an exploit for CVE-2018-14847, a vulnerability first disclosed in the Vault7 data dump of supposed CIA hacking tools.

Since mid-July, Netlab said, attackers have looked to exploit the flaw and enlist routers to do things like force connected machines to mine cryptocurrency, and, in this case, forward their details on traffic packets to a remote server.

“At present, a total of 7,500 MikroTik RouterOS device IPs have been compromised by the attacker and their TZSP traffic is being forwarded to some collecting IP addresses,” the researchers explained.

The infection does not appear to be targeting any specific region, as the hacked devices reside across five different continents with Russia, Brazil, and Indonesia being the most commonly impacted.

The researchers noted that the malware is also resilient to reboots.

Source: Mikrotik routers pwned en masse, send network data to mysterious box • The Register

mSpy, a commercial spyware solution designed to help you spy on kids and partners, has leaked over 2 million records including software purchases and iCloud usernames and authentication tokens of devices running mSky. The data appears to have come from an unsecured database that allowed security researchers to pull out millions of records.

“Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months,” wrote security researcher Brian Krebs.

Source: Mobile spyware maker leaks 2 million records | TechCrunch