ASUS Patches Live Update Bug

ASUS Patches Live Update Bug

ASUS has rushed out a patch for a major vulnerability that’s infecting thousands of PCs. The bug has allowed an advanced persistent threat group to launch “Operation ShadowHammer,” a massive supply-chain attack.

This exploit has targeted a variety of ASUS PCs with a backdoor injection technique linked to a faulty software update system. Kaspersky security researchers first discovered that the software was used to distribute malware to users in January 2019.

Who is affected?

Users of the ASUS Live Update Utility were the main targets of the attack. ASUS Live Update is pre-installed on most ASUS computers and is used to automatically update certain components such as BIOS, UEFI, drivers and applications. According to researchers, more than a million worldwide may have been impacted.

Kaspersky Lab said that the attackers first launched the exploit via stolen digital certificates used by ASUS to sign legitimate binaries. They then altered older versions of ASUS software to inject their own malicious code.

If users have impacted devices, they need to immediately run a backup of their files and restore their operating system to factory settings.

Recent Posts

Topics

Related Posts

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

April 20, 2024
In the News: Brute-force attacks surge worldwide, warns Cisco Talos

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

April 17, 2024
In the News: Why 92% of Security Professionals Worry About Generative AI

In the News: Why 92% of Security Professionals Worry About Generative AI

April 16, 2024
April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 9, 2024