Security News > 2020 > May > Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert.
In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.
In an email conversation with The Hacker News, DigiCert also said it's deactivating its CT 2 log server following the incident but clarified that the other certificate transparency logs, CT 1, Yeti, and Nessie were not impacted.
"On May 3, DigiCert announced that it is deactivating its Certificate Transparency 2 log server after determining that the key used to sign SCTs may have been exposed via critical SALT vulnerabilities," the company said.
"We do not believe the key was used to sign SCTs outside of the CT log's normal operation, though as a precaution, CAs that received SCTs from the CT2 log after May 2 at 5 pm MST should receive an SCT from another trusted log. Three other DigiCert CT logs: CT1, Yeti, and Nessie, are not affected as they are run on completely different infrastructure. The impacts are limited to only the CT2 log and no other part of DigiCert's CA or CT Log systems,".
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/BCdT47YgINk/saltstack-rce-exploit.html
Related news
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- Finland confirms APT31 hackers behind 2021 parliament breach (source)
- AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)