Security News
Since at least 2016, Chinese-speaking hackers have been using malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats, commonly known as a UEFI rootkit. It is unclear how the threat actor managed to inject the rootkit into the firmware images of the target machines, but researchers found the malware on machines with ASUS and Gigabyte motherboards.
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. Intelligence agencies from the U.K. and the U.S. have characterized Cyclops Blink as a replacement framework for VPNFilter, another malware that has exploited network devices, primarily small office/home office routers, and network-attached storage devices.
Cyclops Blink malware has infected ASUS routers in what Trend Micro threat researchers say looks like an attempt to turn infected devices into command-and-control servers for future attacks. ASUS says it's working on a remediation for Cyclops Blink and will post software updates as they become available.
The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers. "Our investigation shows that there are more than 200 Cyclops Blink victims around the world. Typical countries of infected WatchGuard devices and ASUS routers are the United States, India, Italy, Canada, and a long list of other countries, including Russia."
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. Cyclops Blink is a malware linked to the Russian-backed Sandworm hacking group that has historically targeted WatchGuard Firebox and other SOHO network devices.
A flaw in ASUS's ROG Armoury Crate hardware management app could have allowed low-privileged users to execute code as administrator. Federico discovered the vuln after taking a close look at ROG Armoury Crate, finding a DLL hijacking vuln that allowed ordinary users to execute code with SYSTEM privileges after pasting a crafted file into a directory used by the app.
ASUS has released BIOS updates for over two hundred motherboard models to automatically enable the built-in TPM 2.0 security processor so that users can upgrade to Windows 11. When Microsoft first announced Windows 11, one of the biggest surprises was the new requirement that computers would need a TPM 2.0 security processor to install or upgrade to the new operating system.
CyberLink announced a partnership with ASUS, integrating its FaceMe AI facial recognition engine into ASUS's Tinker Board 2 single-board computer. The fruit of a close collaboration between ASUS IoT and CyberLink's FaceMe team, this joint solution provides ready-to-use, fully integrated facial-recognition capabilities for security, access control, visitor management and contactless experiences for retail, public services, hospitality and more.
ASUS announced the introduction of a comprehensive server portfolio based on the latest AMD EPYC 7003 series processors. The new ASUS RS720A, RS700A, RS520A and RS500A-E11 series servers offer refreshed designs based on both dual-socket and single-socket AMD EPYC 7003 series processors.
McAfee announced a five-year extended global agreement to be the provider of consumer security on ASUS. ASUS customers who purchase a new PC will receive a comprehensive security service pre-installed on their new PC, an optimized user experience, and security tips and recommendations about how to stay protected from the latest threats. According to the recent McAfee Labs Threats Report: November 2020, 419 threats were discovered every minute, representing a 12% increase from the first quarter of 2020.