Careless ASUS staff may have been looking for ShadowHammer's attack


A security researcher has registered three cases where staff from the Taiwanese hardware firm ASUS have published company access data on the web. In one case, the data should be available online for a year at least. And of course in the same period as the "ShadowHammer", which was made publicly by Kapersky Lab last Monday, was held.

The antiviral software company had found an abnormal code in the form of valuable ASUS updates on its customers' computers. He informed hundreds of thousands of owners of ASUS's notebook through one of the previous servers that had been split.

The researcher, using the name SchizoDuckie on Twitter, told the News News TechCrunch website that, on 1 February 2019, he had noticed ASUS for the publicly available access data. – just one day after Kaspersky Lab ASUS switch to ShadowHammer attack already made.

It is not known whether the data on access and the accidents of the ASUS server were linked, but it is not manageable.

SchizoDuckie created the worst data records in the ASUS GitHub engine archive. To TechCrunch, the researcher said it had the option of providing an organisation's email box at least one year. In the daily automated device the ASUS software comes ashore. What software is unclear from the TechCrunch article?

It is unlikely that the main one behind ShadowHammer in that post box would bring the ASUS software in which they would interrupt their own raw flesh code. As Kaspersky Lab had submitted a submission for his blog that this had already been sent out about ASUS.

Shadowhammer is also more interesting that SchizoDuckie in the postbox also emails information about internal network routes causing drivers and other files. On top of that, the researcher told TechCrunch how easy it would be for attackers to attack attacks by company employees through the account. He regularly commented on his findings with screenshots, according to TechCrunch.

In two other cases, where the TechCrunch article provides less information, the security researcher also states that they have found ASUS access data in the GitHub staff archives.

One day after ASUS became aware of the SchizoDuckie results, all access data in the sources should be removed. Credits to the email account the researcher was given the opportunity to work for six days after the journal.

An ASUS spokesperson responded to TechCrunch – particularly against the backdrop of events – a hugely disappointing and uncertain thing about the discovery of SchizoDuckie. He stated that according to TechCrunch, the company would not be able to demonstrate the correction of allegations. He then said that ASUS are currently reviewing all systems to remove any known risks and ensure that there is no outlet.

More information on the topic:


Source link