Critical Flaw in ASUS MyAsus Exposes Millions of User Accounts

2025-06-24

A security researcher discovered a critical vulnerability in ASUS's MyAsus software, potentially exposing millions of user accounts since August 2022. Hardcoded encrypted credentials with administrator-level permissions allowed access to sensitive data including names, dates of birth, phone numbers, addresses, support ticket contents, and RMA requests. The researcher responsibly disclosed the vulnerability to ASUS, and it was patched in May. This highlights the importance of software security and the need for companies to offer better incentives to security researchers.


One-Click RCE in ASUS DriverHub: A Shocking Vulnerability

2025-05-11

A security researcher discovered a critical vulnerability in ASUS's pre-installed DriverHub software allowing for one-click remote code execution (RCE). The vulnerability stems from insecure RPC handling, enabling attackers to bypass origin checks and execute arbitrary code with administrative privileges. The researcher responsibly disclosed the flaw, and ASUS has since released a patch. Importantly, this impacts any system with DriverHub installed, not just ASUS motherboards. The researcher's detailed exploit chain highlights the severity and potential impact of this vulnerability.


NZ Service Provider Pwned: A Responsible Disclosure Story

2025-03-27

A security researcher discovered a critical database vulnerability in a New Zealand app, KiwiServices, during a penetration test. By manipulating a simple HTTP request, they bypassed authentication and accessed the entire user database, exposing sensitive information like names, emails, and phone numbers. The researcher responsibly disclosed the vulnerability, and KiwiServices fixed it within 30 days. This highlights the importance of security testing and prompt patching.
