Wednesday, November 29, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Strengthening Cybersecurity to Enhance Compliance: The Splunk and CrowdStrike Advantage
  • FileCloud + Votiro: Revolutionizing File Security and Collaboration
  • “Known Good” or “Known Bad”: Choosing a Starting Point for OT Cybersecurity
  • Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%
  • Federal Judge Lets FTC Continue with Restrictions Against Meta
Data Security Malware Security Bloggers Network 

Home » Cybersecurity » Data Security » ASUS pushes out urgent security update after attackers hacked its automatic Live Update tool

SBN

ASUS pushes out urgent security update after attackers hacked its automatic Live Update tool

by Graham Cluley on March 27, 2019

Taiwan-based technology giant ASUS is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using ASUS’s own Live Update software tool.

AI on ActionSponsorships Available

As Motherboard reported earlier this week, researchers at Kaspersky discovered that malicious hackers had successfully planted malware posing as an official ASUS security update onto ASUS’s servers and signed it with two of the company’s legitimate digital certificates.

In its own confirmation of the incident, Symantec revealed that at least 13,000 computers belonging to its customers were infected with the malicious software update pushed from ASUS’s Live Update server last year.

Upon installation, the malicious update received by ASUS notebooks launched a scan to determine if it was running on one of the 600 unique devices that the hackers were targeting, all with the intention of downloading further malware.

The supply-chain attack, which has been dubbed “Operation ShadowHammer,” has raised a number of questions including:

DevOps Unbound Podcast
  • How was ASUS’s infrastructure compromised?
  • How did the hackers manage to get hold of ASUS’s digital certificates in order to sign the code to make it appear as though it really were from ASUS?
  • Who was behind the attack, and why were they targeting those 600-or-so PCs?

Right now, we don’t have answers for any of those questions, though many think the attack’s sophisticated and targeted nature could mean that state-sponsored hackers, perhaps with espionage in mind, were responsible for the campaign.

There aren’t any additional details in ASUS’s press statement, a notice which mainly reviews the details of the incident:

A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/asus-security-update-live-update-tool-hacked/

March 27, 2019March 27, 2019 Graham Cluley Asus, Featured Articles, IT Security and Data Protection, Malware, ShadowHammer, supply chain
  • ← Popular Web Browser’s Hidden Ability Threatens 500M Google Play Users
  • WordPress Giribaz File Manager Vulnerability Actively Exploited in the Wild →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Dec 07

Improved Patient Experience: What That Means for Your Cybersecurity Posture

December 7 @ 1:00 pm - 2:00 pm
Dec 11

How Boundless Software Accelerated Customer Onboarding With Calico Cloud and Amazon EKS

December 11 @ 11:00 am - 12:00 pm
Dec 11

API Security

December 11 @ 1:00 pm - 2:00 pm
Dec 14

AWS Immersion Day: Securing Your Infrastructure-as-Code With Snyk and HashiCorp

December 14 @ 1:00 pm - 3:00 pm
Dec 19

Optimizing Application Security Effectiveness – Key Findings From the ESG Report

December 19 @ 9:00 am - 10:00 am
Feb 12

Ransomware

February 12, 2024 @ 1:00 pm - 2:00 pm
Mar 11

Securing Open Source

March 11, 2024 @ 1:00 pm - 2:00 pm
May 20

Zero-Trust

May 20, 2024 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Meta Sued for Ignoring its Underage Kids Problem (Because Money)
Small Business Cybersecurity Hampered by Fear of Change, Judgement
Security is an Economically Resilient Market: Strategies for Uncertain Times
UK, South Korea Warn of North Korea Supply-Chain Attacks
Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%
A Comprehensive Guide to Software Penetration Testing
SOA VS MICROSERVICES – What’s the difference?
Cybersecurity Insurance is Missing the Risk
A Comprehensive Guide to Writing a Cyber Security Audit Report
FBI And CISA Warn Of Rhysida Ransomware Threat

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Industry Spotlight

Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%
Analytics & Intelligence API Security Application Security AppSec Cloud Security Cloud Security Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics DevOps DevSecOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Insider Threats IOT Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Securing Open Source Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%

November 29, 2023 Richi Jennings | 5 hours ago 0
CISA Urges Congress to Reauthorize Key Chemical Security Program
Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Industry Spotlight IoT & ICS Security News Security Awareness Security Boulevard (Original) Spotlight 

CISA Urges Congress to Reauthorize Key Chemical Security Program

November 28, 2023 Jeffrey Burt | Yesterday 0
Meta Sued for Ignoring its Underage Kids Problem (Because Money)
AI and ML in Security Analytics & Intelligence Application Security AppSec Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Deep Fake and Other Social Engineering Tactics DevOps DevSecOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Operations Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches Vulnerabilities Zero-Trust 

Meta Sued for Ignoring its Underage Kids Problem (Because Money)

November 27, 2023 Richi Jennings | 2 days ago 0

Top Stories

Federal Judge Lets FTC Continue with Restrictions Against Meta
Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Mobile Security News Security Awareness Security Boulevard (Original) Spotlight 

Federal Judge Lets FTC Continue with Restrictions Against Meta

November 29, 2023 Jeffrey Burt | 5 hours ago 0
N. Korean Threat Groups Mixing Tactics to Evade Detection
Blockchain Cloud Security Cybersecurity Data Privacy Endpoint Featured Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

N. Korean Threat Groups Mixing Tactics to Evade Detection

November 29, 2023 Jeffrey Burt | 7 hours ago 0
KubeCon 2023: Bridging the AppSec Tools Gap
Application Security Cloud Security Cybersecurity Governance, Risk & Compliance News Security Boulevard (Original) Social - Facebook Social - X 

KubeCon 2023: Bridging the AppSec Tools Gap

November 28, 2023 Alan Shimel | Yesterday 0

Security Humor

A ballet dancer sits in a chair, head in hands. The text “IT’S EVEN WORSE” is superimposed.

Okta Screws Up (Yet Again) — ALL Customers’ Data Hacked, not just 1%

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.

Cloud Workload Resilience PulseMeter

Step 1 of 8

12%
How do you define cloud resiliency for cloud workloads? (Select 3)(Required)
  • Smaller, self-contained microservices fail independently without impacting overall availability.
  • Containerized software provides isolation and consistency, making it easier to scale and recover from failure.
  • Stateless design patterns increase scalability and can fail independently without impacting other parts of cloud applications.
  • Serverless design pattern allows events to initiate the operation of the discrete functions as needed.
  • Cloud-native architecture significantly influences the resiliency of cloud-deployed applications.
  • Cloud-native architecture provides limited or no resiliency improvement.
How important is improving the resiliency of cloud workloads for your organization in 2024? (Select 1)(Required)
Which of the following do you use to improve the resiliency of cloud workloads? (Select all that apply)(Required)
  • Distribute workloads
  • Portable workloads across multiple cloud providers
  • Move some workloads to the edge
  • Kubernetes clusters for failover and load distribution
  • Stateless software design
  • Increased security posture
  • Setting meaningful and achievable resiliency goals
What are the most significant challenges to improving the resiliency of cloud workloads or cloud-native applications? (Select all that apply)(Required)
How much of your cloud workload is cloud-native today? (Select 1)(Required)
What is your business or organization's size (# employees)? (Select 1)(Required)