CISA warns of renewed risk from Asus update backdoor.

CISA says hackers are exploiting a critical flaw in the discontinued Asus Live Update utility, a backdoor originally planted during the 2018 Operation ShadowHammer supply chain attack. The malicious code, tied to APT41, was embedded in versions of the updater that shipped on millions of devices, though the attackers targeted only a few hundred specific systems. Asus patched the issue in 2019 but recently ended support for the tool while still urging users to update to newer versions that fix security defects. CISA has now added the vulnerability to its KEV catalog and instructed federal agencies to identify and remove the utility from their environments.

Read more:

https://www.securityweek.com/cisa-warns-of-exploited-flaw-in-asus-update-tool/