Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Supply-Chain Attack Used to Install Backdoors on ASUS Computers

Hijacked Software Update Utility Could Have Impacted Over 1 Million ASUS Users

Over 1 million ASUS users may have been impacted after attackers managed to inject a backdoor in the ASUS Live Update utility, Kaspersky Lab reports.

Pre-installed on most ASUS computers, ASUS Live Update is used to automatically update components such as BIOS, UEFI, drivers and applications. To hide the malicious activity, the actors also used a stolen digital certificate that ASUS signs legitimate binaries with.

Referred to as Operation ShadowHammer, the sophisticated supply chain attack took place between June and November 2018, but was only discovered in January 2019, the security firm says.

Similar to the CCleaner incident, the attackers were only looking to compromise a small number of users, as “they targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility,” Kaspersky Lab’s security researchers say.

The researchers couldn’t...(continued)

View All Trending Stories