https://bit.ly/3MFlbEZ - 🔍 The Eclypsium platform recently discovered potential backdoor-like behavior in Gigabyte systems. The firmware in these systems launches a Windows executable during system startup that insecurely downloads and executes additional payloads. This behavior is reminiscent of past OEM backdoor features abused by threat actors, such as the Computrace backdoor. The issue has been found across hundreds of Gigabyte PC models, signaling a possible supply chain risk. Eclypsium is working closely with Gigabyte to rectify this issue. #CyberSecurity #SupplyChainRisk

📊 The primary attack vectors include compromise of the supply chain, compromise of the local environment, and malware persistence through this firmware functionality. The details of these risks and suggested mitigation strategies will be made available after a typical vulnerability disclosure timeline. #InfoSec #CyberThreats

🔬 Key findings from Eclypsium reveal two main issues: 1) The firmware on Gigabyte systems drops an executable Windows binary during the Windows startup process. 2) This binary insecurely downloads and executes additional payloads from the Internet. As issues like these continue to be discovered, Eclypsium persists in its at-scale analysis of the IT supply chain. #FirmwareSecurity #CyberAttack

🚀 The first stage is a Windows native binary embedded within the UEFI firmware image. This executable uses the Windows Native API to write the contents of an embedded executable to the system, similar to methods used by other UEFI firmware implants. The second stage is the dropped Windows executable, a .NET application, which downloads and runs further executables. Notably, remote server certificate validation is not correctly implemented in either the HTTP or the HTTPS scenario, raising the risk of MITM attacks. #TechSecurity #MITM

📉 The risks include abuse of an OEM backdoor by threat actors, compromise of the OEM update infrastructure and supply chain, persistence of UEFI rootkits and implants, MITM attacks on firmware and software update features, and ongoing risk due to unwanted behavior within official firmware. These potential threats underline the importance of security measures in the IT supply chain. #CyberRisk #ITSecurity

🛡️ Eclypsium recommends caution when using Gigabyte systems and taking steps such as scanning and monitoring systems, inspecting and disabling the “APP Center Download & Install” feature in UEFI/BIOS Setup, setting a BIOS password, and blocking certain URLs. These actions can help minimize the risk associated with these backdoor-like behaviors.
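The MITM risk in the second stage comes from an updater that fetches executables without properly validating the remote server's certificate. The following added example (not Eclypsium's code and not the Gigabyte updater; the URL, payload bytes and pinned hash are constructed placeholders) contrasts the weak pattern, a TLS context that accepts any certificate, with a hardened downloader that requires chain and hostname validation, refuses plaintext HTTP for executable payloads, and checks the downloaded bytes against a pinned SHA-256 before they could ever be run. The injectable `fetch` parameter exists only so the check logic can be exercised offline.

```python
"""Added example: insecure vs. hardened payload download (illustrative code,
not from Eclypsium or Gigabyte). All inputs below are constructed."""
import hashlib
import ssl
import urllib.request
from typing import Callable, Optional


class PayloadVerificationError(Exception):
    """Raised when a download must not be trusted."""


def insecure_tls_context() -> ssl.SSLContext:
    """The weak pattern the post describes: certificate and hostname checks
    are switched off, so any on-path attacker can serve a substitute payload."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context() -> ssl.SSLContext:
    """Default context: validates the chain against the system trust store,
    matches the hostname against the certificate, and rejects TLS < 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """True only if both hostname and certificate verification are enforced."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _default_fetch(url: str, ctx: ssl.SSLContext) -> bytes:
    """Real network fetch; only reached when no test fetch is injected."""
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        return resp.read()


def fetch_and_verify(
    url: str,
    expected_sha256: str,
    ctx: Optional[ssl.SSLContext] = None,
    fetch: Optional[Callable[[str, ssl.SSLContext], bytes]] = None,
) -> bytes:
    """Download a payload over validated TLS and return it only if its hash
    matches the pinned value shipped with the updater.

    Raises PayloadVerificationError on any policy or integrity failure."""
    ctx = ctx if ctx is not None else hardened_tls_context()
    if not context_is_safe(ctx):
        raise PayloadVerificationError("certificate validation is disabled")
    if not url.lower().startswith("https://"):
        raise PayloadVerificationError("plaintext HTTP refused for executables")
    data = (fetch or _default_fetch)(url, ctx)
    if sha256_hex(data) != expected_sha256.lower():
        raise PayloadVerificationError("payload hash mismatch; not executing")
    return data


if __name__ == "__main__":
    # Constructed offline demo: a fake server returns a known payload, then an
    # attacker-substituted one. Only the first passes verification.
    genuine = b"constructed-genuine-payload"
    pinned = sha256_hex(genuine)
    url = "https://updates.example.invalid/payload.exe"  # placeholder URL
    ok = fetch_and_verify(url, pinned, fetch=lambda u, c: genuine)
    print("genuine payload accepted:", ok == genuine)
    try:
        fetch_and_verify(url, pinned, fetch=lambda u, c: b"tampered-payload")
    except PayloadVerificationError as e:
        print("tampered payload rejected:", e)
    try:
        fetch_and_verify(url, pinned, ctx=insecure_tls_context(),
                         fetch=lambda u, c: genuine)
    except PayloadVerificationError as e:
        print("insecure context rejected:", e)
```

Pinning a hash (or verifying a code signature) is what closes the gap even when TLS is configured correctly: the transport protects the bytes in transit, while the integrity check protects against a compromised or substituted update server, the supply-chain scenario the post warns about.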