4 Reasons for the Healthcare Industry to Focus on Blockchain Technology

30m
cryptodaily

China Planning to Use Blockchain to Create a Free Trade Port in Hainan

30m
coinidol

Tencent Aims to Establish 100-Member Blockchain Alliance in 2020

36m
cryptonewmedia

Dow Futures Drop But a Blistering 9% Jump Awaits, Predicts Analyst

36m
cryptonewmedia

‘Crypto Mom’ Hester Peirce to Remain SEC Commissioner on…

36m
cryptonewmedia

Ethereum Developer Danny Ryan on the State of ETH 2.0, Answers Reddit…

36m
cryptonewmedia

Kin Price Prediction and Analysis in June 2020

42m
thebitcoinnews

Ripple Discusses ‘Institutional Matters’ With Central Bank of Brazil

1h
bitcoinnews

Could BTC return to it’s high of $20,000? New Bloomberg report suggests so

1h
cryptodaily

Bitcoin, Stocks Fall as Dollar Rebounds ahead of U.S. Trade Data

1h
newsbtc

Ripple Battles Downward Correction, Unable to Push Above $0.215 Resistance

1h
coinidol

Crypto exchange CoinDCX adopts Onfido’s fully automated KYC » CryptoNinjas

1h
cryptonewmedia

Mobile Gaming Company Playtika Hires Top Banks for $1 Billion U.S. IPO

1h
cryptonewmedia

Canada Officially Classified Cryptocurrency Companies as Financial…

1h
cryptonewmedia

Ex-Yang Aide Is Running for Congress with Bitcoin and UBI on His Mind

1h
cryptonewmedia

Gun stocks soar as background checks soar past 3M |

1h
cryptonewmedia

Craig Wright Refutes Early Miner Signed Message Calling Him Out

1h
cryptoglobe

CryptoDaily’s CRDT Token: Cryptocurrency indices

2h
cryptodaily

Exponential Growth: Bitcoin’s Trading Volume Could Rival Major Asset Classes

2h
thebitcoinnews

‘Careless’ Users Are Ruining Ethereum’s Privacy: Paper

2h
cryptonewmedia

Millennials Need to Get Smarter This Stock Market: Ex-Central Banker

2h
cryptonewmedia

Canada Officially Classified Cryptocurrency Companies as Financial Service Businesses

2h
coinidol

Here’s why analysts say Bitcoin’s 14% drop on June 2 is actually healthy for the medium-term trend

2h
cryptoslate

This mining pool’s selling activity suggests Bitcoin is far from being bullish

2h
cryptoslate

Crypto scams are alive and well; CipherTrace reveals $1.4 billion in crypto stolen in 2020

2h
cryptoslate


ASUS Update Service Allegedly Spreads Malware After MitM Attack

nulltx

1yr ago

None of the technology firms in existence today wants to be associated with nefarious activity. In the real world, however, it is not as easy to avoid such situations. For ASUS, its update mechanism has fallen victim to more abuse by criminals. Through this service, hackers were able to install backdoor malware on target PCs.

On the one hand, it is commendable to see PC manufacturers offer an update system to keep their clients’ computers protected. It is convenient and appreciated by consumers all over the world. Unfortunately, such services will also attract a lot of unwanted attention. ASUS knows this all too well, as it is not the first time the company’s update system is attacked.

Earlier this week, it became apparent ASUS’ live update service was offering some rather unusual software. Eset researchers confirmed the service was actively distributing malware which can be used to gain backdoor access to infected computers. The exact attack vector remains unclear, albeit a router-level man-in-the-middle attack to breach insecure HTTP connections may be partially to blame.

Additionally, there are some concerns as to how received files are authenticated before they’re executed on the user’s computer. Under normal circumstances, such a code-signing process should prove to be rather foolproof. In the case of ASUS, there are some lingering questions as to whether or not something may be amiss in that regard. Regardless of the outcome, the Plead malware is actively distributed through ASUS’ update service.

The choice for distributing this particular malware is a bit unusual. Plead is primarily used to target private firms and government agencies across all of Asia. It has been distributed in many different ways, including the use of fake code-signing certificates from D-Link. Spear phishing and exploitable routers have also proven to be successful methods of distribution.

According to Eset’s researchers, there is a man-in-the-middle vulnerability which plagues ASUS Webstorage software. It is uncertain why the technology company uses non-HTTPS connections for the requests and delivery of updates in 2019. It seems that decision has left the service vulnerable to attack, which has now been officially exploited. It is important to note ASUS’ network was never breached, but one of their services may need to be revised sooner rather than later.

Interestingly enough, it would appear ASUS Cloud was well aware of an issue affecting its WebStorage service. Back in April of 2019, the update server was shut down temporarily to stop a different kind of attack. It is unclear if both incidents are related to one another. Two major problems affecting the same service in little over a month is particularly worrisome. There is still a lot of explaining to do at this time.

Image(s): Shutterstock.com

Regarding any copyrights issue, please contact us:content@hashbee.com.

0 comments