Researcher holds Asus responsible for cyber attack on its software update utility

SHARE:

Highlights: A researcher blames Asus for attack on their software update utility. He claims that company employees shared passwords on Gith...

Highlights: A researcher blames Asus for attack on their software update utility. He claims that company employees shared passwords on Github which gave hackers access to company’s corporate network. Apparently, Asus got a heads up two months before the attack was executed.   Asus is being held responsible for the attack on its software update utility that was hacked to install malware on thousands of computers. A researcher has claimed that an Asus employee left passwords on code-sharing platform GitHub that gave hackers access to company’s corporate network. Moreover, it is also being claimed that the Taiwanese tech company was warned two months before the attack was executed. Citing a security researcher, who goes by name SchizoDuckie, Tech Crunch reported that Asus was warned two months ago that employees were “improperly publishing passwords in their GitHub repositories” that could be used to access the company’s corporate network. A password was found in an employee repo which allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners. The researcher claims that the repo in question was owned by an Asus engineer who left the email account’s passwords publicly exposed for at least a year. “It was a daily release mailbox where automated builds were sent,” the researcher was quoted as saying. He also said that the emails in the mailbox of that employee had the exact internal network path where drivers and files were stored, which apparently made it easy for attackers to execute the plan. “All you’d need is send one of those emails with an attachment to any of the recipients for a real nice spearphishing attack,” he said, adding, “Companies have no clue what their programmers do with their code on GitHub.” TechCrunch claims that a day after the company was alerted about the researcher’s email, the repos containing the credentials were pulled offline and wiped clean. However, Asus spokesperson Randall Grilli said that the computer maker was “unable to verify the validity” of the claims in the researcher’s emails. Asus has already released a fix for the issue. “We have updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future. Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution,” Asus told Digit in a statement. Related Read: NotPetya is a wiper, not ransomware: Here's what that means 4% of Indian users attacked by banking Trojans in 2018: Kaspersky Lab

from Latest Technology News https://ift.tt/2FDXvOB

COMMENTS

Name

7,1,Airtel,1,Andriod,1,Android,4,Android Q,1,apex,1,Apple,7,Apps,1,Asus Rog,1,Black Shark 2,2,Boeing 737 MAX,1,Bsnl,2,camera,2,CPU,3,Donald Trump,1,Earphone,1,Facebook,5,Fan,1,Fitbit,1,foldable Phone,2,Fortnite,1,Galaxy A40,1,Galaxy s10,1,Galaxy s10e,1,Games,10,gaming,1,Google,6,Google Pixel 2,1,Honor 10i,1,Huawe,1,Huawei,6,Huawei GT,1,IBM,1,Instagram,2,Internet,2,ios,2,iPad,2,iphone,2,Israel,1,jiomart,1,Laptop,1,Leica Q2,1,M20,1,mac,1,MacOS,1,Mi 9,1,Mi A2,1,Mi LED TV,1,MicroSoft,3,mobile,1,Moon,2,Mozilla,1,Nasa,2,News,1,Nokia,4,Nokia 62,1,Nvidias,1,OnePlus,4,Oppo,5,P30,3,Pixel,1,Poco F1,1,Pubg,12,Qualcomm,2,Redmi 3,1,Redmi 6 Pro,1,Redmi 7,1,Redmi Note 7,1,reliance,1,Reno,1,samsung,11,Skype,1,SmartPhone,56,Social,5,Spotify,1,Tech,35,Telecom,3,Touchpad,1,Tournament,1,TV,1,Twitter,1,Vivo,2,Watch,2,WhatsApp,1,Xbox,1,Xiaomi,16,y9li,1,
ltr
item
Genius Baba: Researcher holds Asus responsible for cyber attack on its software update utility
Researcher holds Asus responsible for cyber attack on its software update utility
https://static.digit.in/default/589e4f83c96e7d6408e0f05a7f86ebe2ce1fd268.jpeg
Genius Baba
https://geniusbabaa.blogspot.com/2019/03/researcher-holds-asus-responsible-for.html
https://geniusbabaa.blogspot.com/
https://geniusbabaa.blogspot.com/
https://geniusbabaa.blogspot.com/2019/03/researcher-holds-asus-responsible-for.html
true
7104319406113350277
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy