Security News

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.

ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity. The problem has been extensively reported on social media and discussion platforms since May 16, 2023, with people appearing puzzled by the simultaneous connectivity issues on multiple ASUS routers and others complaining about the lack of communication from the vendor's side.

New research from Kaspersky exposes a rootkit dubbed CosmicStrand, which sits quietly in the Unified Extensible Firmware Interface of specific computers. According to Kaspersky, the rootkit is located in the firmware images of Gigabyte or ASUS motherboards.

Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit. It is unclear how the threat actor managed to inject the rootkit into the firmware images of the target machines but researchers found the malware on machines with ASUS and Gigabyte motherboards.

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. Intelligence agencies from the U.K. and the U.S. have characterized Cyclops Blink as a replacement framework for VPNFilter, another malware that has exploited network devices, primarily small office/home office routers, and network-attached storage devices.

Cyclops Blink malware has infected ASUS routers in what Trend Micro threat researchers say looks like an attempt to turn infected devices into command-and-control servers for future attacks. ASUS says it's working on a remediation for Cyclops Blink and will post software updates as they become available.

The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers. "Our investigation shows that there are more than 200 Cyclops Blink victims around the world. Typical countries of infected WatchGuard devices and ASUS routers are the United States, India, Italy, Canada, and a long list of other countries, including Russia."

Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. Cyclops Blink is a malware linked to the Russian-backed Sandworm hacking group that has historically targeted WatchGuard Firebox and other SOHO network devices.

A flaw in ASUS's ROG Armoury Crate hardware management app could have allowed low-privileged users to execute code as administrator. Federico discovered the vuln after taking a close look at ROG Armoury Crate, finding a DLL hijacking vuln that allowed ordinary users to execute code with SYSTEM privileges after pasting a crafted file into a directory used by the app.

ASUS has released BIOS updates for over two hundred motherboard models to automatically enable the built-in TPM 2.0 security process so that users can upgrade to Windows 11. When Microsoft first announced Windows 11, one of the biggest surprises was the new requirement that computers would need a TPM 2.0 security processor to install or upgrade to the new operating system.