Hackers Hijacked ASUS Software Updates and Installed Backdoors on Many PC's and Laptops

by Hilbert Hagedoorn on: 03/25/2019 05:42 PM | source: motherboard.vice.com | 26 comment(s)

The Asus Live Update software shipped on laptops and PCs from the Taiwanese manufacturer contained a backdoor between June and November 2018, which the attackers could use to install malware on specific systems. The malware was, however, aimed only at specific MAC addresses.

Kaspersky discovered the presence of the backdoor in January and informed Asus at the end of that month. According to the security researchers, the update software was infected with a backdoor in the timeframe of June up to November 2018. Kaspersky has named this attack 'ShadowHammer' and has put a tool online for users to check whether their Asus laptop contains the backdoor.

They also created a page on which users can verify whether their MAC address is included on the list of targets. ASUS is believed to have pushed this malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company's server and used it to push the malware to machines. From the report posted at motherboard.vice.com:

Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world's largest computer makers, was unwittingly used to install a malicious backdoor on thousands of its customers' computers last year after attackers compromised a server for the company's live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says. ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines. Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore.

pimpineasy
Senior Member



Posts: 225
Joined: 2007-01-04

#5654559 Posted on: 03/27/2019 07:50 AM
where the new chips & sales? this gigabyte mobo suite is trash tier p2w bios with EOL adware too. who is making decision at these companies.. last install of windows 10 was messed up. lmao ez crash tune & rgb using 20% cpu and cycling memory.

BetA
Senior Member



Posts: 4411
Joined: 2008-03-03

#5655113 Posted on: 03/28/2019 03:42 PM
UPDATE2:

Asus was warned of hacking risks months ago, thanks to leaky passwords

A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.

One password, found in an employee repo on the code sharing site, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners. The repo in question was owned by an Asus engineer who left the email account’s passwords publicly exposed for at least a year. The repo has since been wiped clean, though the GitHub account still exists.
“It was a daily release mailbox where automated builds were sent,” said the researcher, who goes by the online handle SchizoDuckie, in a message to TechCrunch. Emails in the mailbox contained the exact internal network path where drivers and files were stored.
The researcher shared several screenshots to validate his findings.

The researcher didn’t test how far the account access could have given him, but warned it could have been easy to pivot onto the network. “All you’d need is send one of those emails with an attachment to any of the recipients for a real nice spearphishing attack,” he said.
The researcher’s findings would not have stopped the hackers who targeted Asus’ software update tool with a backdoor, revealed this week, but reveals a glaring security lapse that could have put the company at risk from similar or other attacks. Security firm Kaspersky warned Asus on January 31 — just a day before the researcher’s own disclosure on February 1 — that hackers had installed a backdoor in the company’s Asus Live Update app. The app was signed with an Asus-issued certificate and hosted on the company’s download servers. More than a million users were pushed the backdoored code, researchers have estimated. Asus confirmed the attack in a statement and released a patched version.

Through the company’s dedicated security email, the researcher warned Asus of the exposed credentials. Six days later, he could no longer log in to the mailbox and assumed the matter was resolved.

But he found at least two other cases of Asus engineers exposing company passwords on their GitHub pages.
One Asus software architect based in Taiwan — where the company has its headquarters — left a username and password in code on his GitHub page. Another Taiwan-based data engineer also had credentials in his code.

“Companies have no clue what their programmers do with their code on GitHub,” said the researcher.
A day after we alerted Asus to the researcher’s email, the repos containing the credentials were pulled offline and wiped clean. Yet when reached, Asus spokesperson Randall Grilli told TechCrunch that the computer maker was “unable to verify the validity” of the claims in the researcher’s emails. “Asus is actively investigating all systems to remove all known risks from our servers and supporting software, as well as to ensure there are no data leaks,” he added.

Granted, this isn’t an issue limited to Asus. Other companies have been put at risk by exposed and leaked credentials or hardcoded secret keys. Last week, academics found more than 100,000 public repos storing cryptographic keys and other secrets.
Among the most famous examples of exposed credentials was Uber, in which an engineer mistakenly left cloud keys in a GitHub repository, which when discovered and exploited by hackers was used to pilfer data on 57 million users. Uber was later ordered to pay $148 million in a data breach settlement.
But given Asus knew of the issues months ago amid a backdoor threat that affected more than a million users, you would have hoped for a better, more active response.


https://techcrunch.com/2019/03/27/asus-hacking-risk/

Deleted member 213629
Unregistered



#5655209 Posted on: 03/28/2019 08:05 PM
lol @ "A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers" wow screw you ASUS ... just own it cut losses, move on. You got caught with your pants down, everyone already saw - late to downplay. So fckn stupid.

BetA
Senior Member



Posts: 4411
Joined: 2008-03-03

#5656080 Posted on: 04/01/2019 06:31 PM
Aaand another Update on this matter...

"Check if your device has been targeted by the ShadowHammer cyberattack

Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign affecting more than a million computer users worldwide. Between at least June and November 2018, Operation ShadowHammer targeted users of the ASUS Live Update Utility, injecting a backdoor.

Each backdoor code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network. Once running on a victim’s device, the backdoor verified its MAC address against this table.

If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity. In total, security experts were able to identify more than 600 MAC addresses hard coded into the malware.

A blog summarizing the attack can be found on Securelist"


You can check on the site:
https://shadowhammer.kaspersky.com/
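
As an added example, not code from this thread, Kaspersky or ASUS: the defender-side check that the quoted Kaspersky text (and the article above) describes, matching a machine's MAC address against the hardcoded target table, written in Python. The target list and the mixed MAC notations are constructed for illustration; the real list is only available through Kaspersky's check page.

```python
import re
import uuid

# Constructed sample target list (NOT the real ShadowHammer list), written in
# the mixed notations a hardcoded table or a user-supplied value might use.
SAMPLE_TARGET_MACS = [
    "00:11:22:33:44:55",
    "AA-BB-CC-DD-EE-01",
    "aabb.ccdd.ee02",
    "0A1B2C3D4E5F",
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC to lowercase 'aa:bb:cc:dd:ee:ff'.

    Accepts colon, dash, Cisco dotted and bare-hex forms. Anything else
    raises ValueError, so a malformed entry cannot silently produce a
    false 'not targeted' answer.
    """
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_target_set(entries) -> set:
    """Normalise the whole table once so lookups are exact-match."""
    return {normalize_mac(m) for m in entries}

def is_targeted(mac: str, targets: set) -> bool:
    """True if this adapter's MAC is in the hardcoded target table.
    A False result only means the backdoor would stay dormant on this
    host; the trojanised updater itself may still be installed."""
    return normalize_mac(mac) in targets

def local_macs() -> list:
    """Best effort via the standard library: uuid.getnode() yields one adapter,
    or a random value with the multicast bit set if none is found (skipped)."""
    node = uuid.getnode()
    if node & (1 << 40):
        return []
    return ["%012x" % node]

if __name__ == "__main__":
    targets = build_target_set(SAMPLE_TARGET_MACS)
    for mac in local_macs():
        print(mac, "TARGETED" if is_targeted(mac, targets) else "not in list")
```

A host whose MAC is not in the table still received the backdoored updater; only the second-stage download was gated on the match, so the updater should be replaced regardless of this result.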

Alessio1989
Senior Member



Posts: 2326
Joined: 2015-06-11

#5656102 Posted on: 04/01/2019 08:17 PM
.. and this is why, dear sysadmins, you should not use chmod 777 on the company's main server.

Guru3D.com © 2022