this post was submitted on 19 Dec 2025
29 points (100.0% liked)

infeeeee@lemmy.zip 6 points 1 week ago

The warning refers to Operation ShadowHammer, a sophisticated supply chain attack mounted in 2018 by Chinese state-sponsored hackers

[...]

The attack was uncovered in January 2019 and Asus released a patch by March the same year.

It was already patched ~7 years ago, but CISA only warns now?

While over 1 million Asus users might have downloaded the backdoored utility, the hackers were reportedly interested in only around 600 specific devices, based on hashed MAC addresses hardcoded in various versions of the tool.

Per Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to identify vulnerable products in their environments and address the issue.

The hackers targeted this to 600 devices, then waited 7 years and expected the targets wouldn't upgrade this app? This sounds strange, or I'm misunderstanding something.
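The quoted point about hashed MAC addresses, seen from the defender's side, as an added example that is not part of the original comment or of any vendor tool: an asset inventory is normalized and hashed the same way so it can be compared against a published list of target digests. MD5 over the six raw bytes is an assumption (the quoted article only says "hashed"), and the function names, inventory and digests are all constructed.

```python
import hashlib
import re

def normalize_mac(raw):
    """Return the six raw bytes of a MAC in any common notation, or None."""
    digits = re.sub(r"[:\-.\s]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    return bytes.fromhex(digits)

def mac_digest(mac):
    # Assumption: MD5 over the raw bytes; the quoted article only says "hashed".
    return hashlib.md5(mac, usedforsecurity=False).hexdigest()

# Constructed stand-in for a published list of targeted-MAC digests.
TARGET_DIGESTS = {
    mac_digest(bytes.fromhex(m)) for m in ("020000aabb01", "020000aabb02")
}

# Constructed asset inventory: host -> adapter MACs as different tools export them.
INVENTORY = {
    "ws-001": ["02:00:00:AA:BB:01", "02:00:00:11:22:33"],
    "ws-002": ["0200.00aa.bb02"],
    "ws-003": ["02-00-00-44-55-66", "not-a-mac"],
}

def find_targeted(inventory, targets):
    """Return (hits, rejects): listed adapters, and entries that did not parse."""
    hits, rejects = [], []
    for host, macs in sorted(inventory.items()):
        for raw in macs:
            mac = normalize_mac(raw)
            if mac is None:
                rejects.append((host, raw))  # surface it, do not silently skip
            elif mac_digest(mac) in targets:
                hits.append((host, mac.hex(":")))
    return hits, rejects

if __name__ == "__main__":
    hits, rejects = find_targeted(INVENTORY, TARGET_DIGESTS)
    for host, mac in hits:
        print(f"{host}: adapter {mac} is on the target list")
    for host, raw in rejects:
        print(f"{host}: could not parse {raw!r}, check manually")
```

Normalizing before hashing matters because a digest match is exact: the same adapter exported with different separators or letter case would otherwise be missed.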