"Cloud Servers Hacked via Critical SaltStack Vulnerabilities"
Two recently disclosed critical vulnerabilities in the popular SaltStack infrastructure automation software are now being exploited by attackers to take over servers. SaltStack is a widely-used open-source Python-based framework used by IT, network, and security operations teams for task automation, data collection, configuration, and server updates. The abuse of vulnerabilities contained by this software has already resulted in the takedown of servers belonging to several organizations and open-source projects. The LineageOS Project, Ghost blogging platform, and certificate authority DigiCert have been affected by the vulnerabilities. According to an advisory published by the security firm F-Secure, the two vulnerabilities found in SaltStack can allow attackers to circumvent authentication and authorization controls, publish arbitrary control messages, write files, and more. This article continues to discuss the SaltStack vulnerabilities, recent attacks in which the vulnerabilities were exploited, and SaltStack's response to these incidents.
CSO Online reports "Cloud Servers Hacked via Critical SaltStack Vulnerabilities"