Bleeping Computer

Hajime Botnet Makes a Comeback With Massive Scan for MikroTik Routers

Other Hajime infected bots scan random IP addresses on port 8291. This initial scan is to determine if the remote IP is running a MikroTik device. Once the bot has identified one of such devices, it ...
Ars Technica

300,000 MikroTik routers are ticking security time bombs, researchers say

As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in ...
CSOonline

Port Scan Spike Could Indicate Attackers’ Use of Latest Windows DNS Server Exploit

A major spike in activity targeting TCP Port 1025 on Windows systems may be a sign that attackers are gathering intelligence for an upcoming attack against unpatched servers, Symantec warned Monday.