Great way to wake up on Monday morning, especially if you own an ASUS machine.
Kaspersky just published a teaser for a more thorough explanation to come in two weeks at the Kaspersky Security Analysts Summit in Singapore. It’s quite an eye-opener.
Apparently somebody broke into the ASUS update servers, and swapped out a valid software/firmware update with one of their own. The bogus update looked like the genuine thing, with a valid certificate, and its size matched the original’s size. As a result, the bad update stayed on ASUS’s servers “for a long time.”
To read this article in full, please click here