Security News > 2020 > May > Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert.
In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.
In an email conversation with The Hacker News, DigiCert also said it's deactivating its CT 2 log server following the incident but clarified that the other certificate transparency logs, CT 1, Yeti, and Nessie were not impacted.
"On May 3, DigiCert announced that it is deactivating its Certificate Transparency 2 log server after determining that the key used to sign SCTs may have been exposed via critical SALT vulnerabilities," the company said.
"We do not believe the key was used to sign SCTs outside of the CT log's normal operation, though as a precaution, CAs that received SCTs from the CT2 log after May 2 at 5 pm MST should receive an SCT from another trusted log. Three other DigiCert CT logs: CT1, Yeti, and Nessie, are not affected as they are run on completely different infrastructure. The impacts are limited to only the CT2 log and no other part of DigiCert's CA or CT Log systems,".
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/BCdT47YgINk/saltstack-rce-exploit.html
Related news
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- USDoD hacker behind National Public Data breach arrested in Brazil (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)