Skip to main content

Researcher holds Asus responsible for cyber attack on its software update utility

Highlights: A researcher blames Asus for attack on their software update utility. He claims that company employees shared passwords on Github which gave hackers access to company’s corporate network. Apparently, Asus got a heads up two months before the attack was executed.   Asus is being held responsible for the attack on its software update utility that was hacked to install malware on thousands of computers. A researcher has claimed that an Asus employee left passwords on code-sharing platform GitHub that gave hackers access to company’s corporate network. Moreover, it is also being claimed that the Taiwanese tech company was warned two months before the attack was executed. Citing a security researcher, who goes by name SchizoDuckie, Tech Crunch reported that Asus was warned two months ago that employees were “improperly publishing passwords in their GitHub repositories” that could be used to access the company’s corporate network. A password was found in an employee repo which allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners. The researcher claims that the repo in question was owned by an Asus engineer who left the email account’s passwords publicly exposed for at least a year. “It was a daily release mailbox where automated builds were sent,” the researcher was quoted as saying. He also said that the emails in the mailbox of that employee had the exact internal network path where drivers and files were stored, which apparently made it easy for attackers to execute the plan. “All you’d need is send one of those emails with an attachment to any of the recipients for a real nice spearphishing attack,” he said, adding, “Companies have no clue what their programmers do with their code on GitHub.” TechCrunch claims that a day after the company was alerted about the researcher’s email, the repos containing the credentials were pulled offline and wiped clean. However, Asus spokesperson Randall Grilli said that the computer maker was “unable to verify the validity” of the claims in the researcher’s emails. Asus has already released a fix for the issue. “We have updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future. Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution,” Asus told Digit in a statement. Related Read: NotPetya is a wiper, not ransomware: Here's what that means 4% of Indian users attacked by banking Trojans in 2018: Kaspersky Lab

from Latest Technology News https://ift.tt/2FDXvOB
Labels:

Comments

Post a Comment

Popular posts from this blog

Amazon Great Indian Festival Sale 2023: Best Camera Smartphones Under Rs. 20,000

Amazon Great Indian Festival Sale 2023 is currently underway with great offers and discounts on a wide range of products. If you are on a tight budget and looking to upgrade to a smartphone with better camera features, the ongoing sale currently offers plenty of choices. Here are some of the best camera smartphones under Rs. 20,000. from Gadgets 360 https://ift.tt/AUWj8uo
Post a Comment
Read more

Infinix Note 40X 5G With Dimensity 6300 5G SoC, 108-Megapixel Rear Camera Launched in India: All Details

Infinix Note 40X 5G was launched in India on Monday (August 5). The latest Note series phone from the Transsion Holdings subsidiary comes with a MediaTek Dimensity 6300 5G under the hood paired with up to 12GB of RAM. The Infinix Note 40X 5G boasts a triple rear camera setup headlined by a 108-megapixel main sensor and packs a 5,000mAh battery. from Gadgets 360 https://ift.tt/ZIHkQUw
Post a Comment
Read more

2020 iPhone could support time-of-flight 3D sensors: Report

While the 2019 iPhones are yet to be launched, the rumour mill is already churning out predictions for the 2020 iPhones. According to some reports, Apple is expected to release three new iPhones this year. As for 2020, the tech giant could supposedly incorporate time-of-flight (ToF) sensors in the future iPhones. Additionally, Apple might also include 5G connectivity in next year’s iPhone models. Previously, a report speculated that Apple might introduce VCSEL (Vertical Cavity Surface-Emitting Laser) ToF sensors on the rear of the 2020 iPhone models. The setup is similar to the TrueDepth camera setup found on the current iPhone models, but on the front. Ming Chi Kuo, a well-known analyst, has also predicted that Apple might bring ToF sensors to its 2020 iPhone lineup. In the latest research note shared by 9to5Mac, Kuo claims that at least two of the 2020 iPhone models could feature a ToF sensor on the rear. Furthermore, Kuo added that Apple might introduce three iPhone models next ye
Post a Comment
Read more