Bitcoin Futures Are A Great Buy At $8,500

4m
cryptonewmedia

View the Bitcoin Blockchain First Hand in 3D

9m
cryptodaily

Can Facebook’s Libra Be Used For Illicit Transactions? |

40m
cryptonewmedia

Fundstrat: Bakkt’s Launch Expected by Late Q3, Could Be ‘Huge Accelerator for Market Growth’

1h
cryptoglobe

Why Is A VPN Absolutely Necessary For You?

1h
bitcoinwarrior

Bitcoin’s Bull Run in 2015-2017 is Very Similar to What We’re Seeing Now, Analyst Opines

1h
zycrypto

Week of Crypto-Regulations: Governments in the US, China and India Take Heed

1h
coingape

Financial Analyst: Bitcoin Futures Are A Great Buy At $8,500

1h
bitcoinist

Despite Being “For Everyone,” Those Banned from Facebook Likely Can’t Use Libra

2h
beincrypto

Bitcoin Price (BTC) Signaling Bullish Continuation To $11K

2h
cryptonewmedia

Can Facebook’s Libra Be Used For Illicit Transactions?

2h
bitcoinwarrior

NYDAX: Seeking to Disrupt Wall Street and Pave the Way to Digitized Securities

2h
bitcoinwarrior

CGC Kyiv 2019, the largest blockchain gaming conference announced on Oct 10-11 – 1500 delegates from 50 countries, 100 speakers, VR, AR, hackathon

2h
block

Blockchain Life 2019

2h
block

The Future of Automation in UX and Design System Ecosystems with Jiří Třečák (Supernova) at TCE2019 Prague

2h
block

Bitso Get License to Operate XRP-based xRapid Transactions in Mexico

2h
thebitcoinnews

This Week in Cryptocurrency: July 19th, 2019

2h
thebitcoinnews

Zcash Forks Into New Blockchain Network Ycash

2h
thebitcoinnews

550 Bitcoins Locked in Ethereum-based Tokens Called WBTC

2h
thebitcoinnews

Libra Does Not Qualify as a Crypto, the World Doesn’t Need it: BlackRock CEO

2h
thebitcoinnews

Hayek’s 1984: Rediscovered Footage Shows Austrian Economist Predicting Bitcoin

2h
thebitcoinnews

7 Unorthodox Ways to Mine Bitcoin

2h
thebitcoinnews

Bitcoin Cash Milestones: Delivered Code, Upgrades and Platform Development

2h
thebitcoinnews

Bitcoin and Cryptocurrency Not Banned in India, Government Official Confirms

3h
coingape

Ex-Microsoft Engineer Charged with Mail Fraud After Stealing Millions in Digital Currency

4h
beincrypto


ASUS Update Service Allegedly Spreads Malware After MitM Attack

nulltx

2mon ago

None of the technology firms in existence today wants to be associated with nefarious activity. In the real world, however, it is not as easy to avoid such situations. For ASUS, its update mechanism has fallen victim to more abuse by criminals. Through this service, hackers were able to install backdoor malware on target PCs.

On the one hand, it is commendable to see PC manufacturers offer an update system to keep their clients’ computers protected. It is convenient and appreciated by consumers all over the world. Unfortunately, such services will also attract a lot of unwanted attention. ASUS knows this all too well, as it is not the first time the company’s update system is attacked.

Earlier this week, it became apparent ASUS’ live update service was offering some rather unusual software. Eset researchers confirmed the service was actively distributing malware which can be used to gain backdoor access to infected computers. The exact attack vector remains unclear, albeit a router-level man-in-the-middle attack to breach insecure HTTP connections may be partially to blame.

Additionally, there are some concerns as to how received files are authenticated before they’re executed on the user’s computer. Under normal circumstances, such a code-signing process should prove to be rather foolproof. In the case of ASUS, there are some lingering questions as to whether or not something may be amiss in that regard. Regardless of the outcome, the Plead malware is actively distributed through ASUS’ update service.

The choice for distributing this particular malware is a bit unusual. Plead is primarily used to target private firms and government agencies across all of Asia. It has been distributed in many different ways, including the use of fake code-signing certificates from D-Link. Spear phishing and exploitable routers have also proven to be successful methods of distribution.

According to Eset’s researchers, there is a man-in-the-middle vulnerability which plagues ASUS Webstorage software. It is uncertain why the technology company uses non-HTTPS connections for the requests and delivery of updates in 2019. It seems that decision has left the service vulnerable to attack, which has now been officially exploited. It is important to note ASUS’ network was never breached, but one of their services may need to be revised sooner rather than later.

Interestingly enough, it would appear ASUS Cloud was well aware of an issue affecting its WebStorage service. Back in April of 2019, the update server was shut down temporarily to stop a different kind of attack. It is unclear if both incidents are related to one another. Two major problems affecting the same service in little over a month is particularly worrisome. There is still a lot of explaining to do at this time.

Image(s): Shutterstock.com

Regarding any copyrights issue, please contact us:content@hashbee.com.

0 comments