
ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer


ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer.

ASUS announced that it has released a fix for the Live Update utility, which was exploited by the threat actors behind Operation ShadowHammer to deliver malware to hundreds of users.

Operation ShadowHammer took place between June and November 2018, but experts from Kaspersky Lab discovered it in January 2019.

Over 1 million ASUS users may have been impacted by a supply chain attack that leveraged the ASUS Live Update utility to inject a backdoor in ASUS systems.

Discovered by Kaspersky in January 2019, Operation ShadowHammer took place between June and November 2018 and leveraged the proprietary tool that comes pre-installed on ASUS notebooks. The attack remained hidden because the actors used a stolen certificate to sign the compromised software.

Experts pointed out that Operation ShadowHammer was a targeted attack that surgically hit only 600 specific MAC addresses, but Kaspersky couldn’t determine the exact number of users who installed the tainted utility.

After Kaspersky disclosed the supply chain attack, ASUS confirmed that a backdoor was delivered through a tainted version of its utility.

ASUS has provided support to the victims to help them remove the threat.

“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” ASUS said in an emailed statement. 

ASUS fixed the Live Update utility with the release of version 3.6.8. The vendor implemented “multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means.”

It also implemented an enhanced end-to-end encryption mechanism and improved security of server-to-end-user communication.

The vendor also developed an online security diagnostic tool that allows users to check whether their computers have been impacted.

“We encourage users who are still concerned to run it as a precaution,” ASUS says.


Pierluigi Paganini

(SecurityAffairs – ASUS, supply chain attack)
