Security News > 2020 > May > Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert.

In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.

In an email conversation with The Hacker News, DigiCert also said it's deactivating its CT 2 log server following the incident but clarified that the other certificate transparency logs, CT 1, Yeti, and Nessie were not impacted.

"On May 3, DigiCert announced that it is deactivating its Certificate Transparency 2 log server after determining that the key used to sign SCTs may have been exposed via critical SALT vulnerabilities," the company said.

"We do not believe the key was used to sign SCTs outside of the CT log's normal operation, though as a precaution, CAs that received SCTs from the CT2 log after May 2 at 5 pm MST should receive an SCT from another trusted log. Three other DigiCert CT logs: CT1, Yeti, and Nessie, are not affected as they are run on completely different infrastructure. The impacts are limited to only the CT2 log and no other part of DigiCert's CA or CT Log systems,".

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/BCdT47YgINk/saltstack-rce-exploit.html