- Joined
- Mar 10, 2015
- Messages
- 3,984 (1.20/day)
System Name | Wut? |
---|---|
Processor | 3900X |
Motherboard | ASRock Taichi X570 |
Cooling | Water |
Memory | 32GB GSkill CL16 3600mhz |
Video Card(s) | Vega 56 |
Storage | 2 x AData XPG 8200 Pro 1TB |
Display(s) | 3440 x 1440 |
Case | Thermaltake Tower 900 |
Power Supply | Seasonic Prime Ultra Platinum |
Looks like their updater may have been compromised.
https://motherboard.vice.com/en_us/...o-install-backdoors-on-thousands-of-computers
Edit: In case you don't read it, you were likely not a target.
Edit 2:
It does seem like they have been unresponsive and reportedly not notified any customers. Although considering the highly targeted nature, I'm not sure if it matters but pretty rotten not to let people know about it.
https://motherboard.vice.com/en_us/...o-install-backdoors-on-thousands-of-computers
Edit: In case you don't read it, you were likely not a target.
Edit 2:
It does seem like they have been unresponsive and reportedly not notified any customers. Although considering the highly targeted nature, I'm not sure if it matters but pretty rotten not to let people know about it.
Kamluk said Kaspersky notified ASUS of the problem on January 31, and a Kaspersky employee met with ASUS in person on February 14. But he said the company has been largely unresponsive since then and has not notified ASUS customers about the issue.
The attackers used two different ASUS digital certificates to sign their malware. The first expired in mid-2018, so the attackers then switched to a second legitimate ASUS certificate to sign their malware after this.
Kamluk said ASUS continued to use one of the compromised certificates to sign its own files for at least a month after Kaspersky notified the company of the problem, though it has since stopped. But Kamluk said ASUS has still not invalidated the two compromised certificates, which means the attackers or anyone else with access to the un-expired certificate could still sign malicious files with it, and machines would view those files as legitimate ASUS files.
Last edited: