https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
 
Hackers have compromised the Live Update servers of ASUS, making them push malware to thousands of computers configured to fetch and install updates automatically. These include not just PC motherboards, but also pre-builts such as notebooks and desktops by ASUS. Smartphones and IoT devices by ASUS are also affected. Hackers have managed to use valid ASUS digital certificates to masquerade their malware as legitimate software updates from ASUS. 
 
Kaspersky Labs says that as many as half a million devices have fallen prey to malware pushed to them by ASUS. The cybersecurity firm says it discovered the malware in January 2019 when implementing a new supply-chain detection technology, and informed ASUS by late-January. Kaspersky even sent a technically-sound representative to meet with ASUS in February. Kaspersky claims that ASUS has since been "largely unresponsive since then and has not notified ASUS customers about the issue." ASUS is already drowning in bad-rep from the PC enthusiast community for its Armoury Crate feature that lets motherboard BIOS push software to a Windows installation through an ACPI table dubbed "the vendor's rootkit," which ASUS enabled by default on new motherboards. Who knows what recent motherboard BIOS updates have pushed into your PC through this method.

rjohnson11
Hackers have managed to use valid ASUS digital certificates to masquerade their malware as legitimate software updates from ASUS. 
 
Who knows what recent motherboard BIOS updates have pushed into your PC through this method.

First those certificates were provided to the Hackers via an unhappy Asus employee.
Secondly, once they have access to your stuff, say goodbye to your hardware.
Thirdly, keep having that automatic update running 24/7 little boy, look at the consequences. I am glad i unplug my internet cable out of the modem/router when i am not around or using the PC for more than 6 hours.

the_Scarlet_one
I never allow the automatic update stuff run, other than Windows security patches alone. I update everything else manually when I want it updated.

Same here, fortunately.     *glances suspiciously at Maximus XI mobo*
 
Very, VERY poor of ASUS not to immediately act on the issue.
 

That isn’t good. I wonder what the source of it and the intention. I would use caution on opening an attachment from anyone and be double checking any stories posted on social media for a while after this.

Brad_Hawthorne
Anything automated related to security and updates is a prime target. Not sure why you stated you trust Microsoft to auto update? They aren't magically exempt from security exploits.

I’ve reread my post numerous times and don’t see anyone stating they trusted Microsoft.

I don’t see anywhere that states they are exempt from security patches.

I do allow it to auto update security patches because it is “recommended” to install it. Because if all else fails I can contact them and harass them for letting an issue through. If I don’t update the security patches at all, the computer would be far more vulnerable all the time, supposedly.

Cool GTX
I'm just amazed that in these present times a major technology firm would be so lax on securing their own servers .... sigh
 
Asus's lack of Owning the problem speak volumes of their Corporate Valves

It's an inside job from a disgruntled former ASUS employee. Could as just as soon been Microsoft, so I don't trust any auto updates.