Hackers exploit Salt RCE bugs in widespread attacks, PoCs public

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/hackers-exploit-salt-rce-bugs-in-widespread-attacks-pocs-public/
Hackers kept busy this weekend exploiting vulnerable Salt instances used in various infrastructures for server management and automation.

Among the organizations that announced an intrusion are LineageOS, Vates (creators of open source Xen Orchestra), Ghost blogging platform, and DigiCert. Hundreds of servers, both masters and clients (minions) have likely been compromised at this point.

Bugs and exploit code are public

Salt versions before 3000.2 and 2019.2.4 are vulnerable to CVE-2020-11651 and CVE-2020-11652. F-Secure disclosed the two vulnerabilities last week saying that “any competent hacker” would need less than 24 hours to develop a 100% reliable exploit.
... ...
Click to expand...
 
  • Like
Reactions: upnorth, Antus67, Fel Grossi and 2 others
Antus67

Antus67

Level 9
Verified
Well-known
Nov 3, 2019
413
Lets face it its a never ending battle you have to be on your toes at all times and eyes in the back of your head to keep ahead of these exploits
 
  • Like
Reactions: upnorth
You must log in or register to reply here.

Similar threads

upnorth
    • Like
    • +Reputation
    • Thanks
Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange
Replies
0
Views
540
News Archive
upnorth
upnorth
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
APC warns of critical unauthenticated RCE flaws in UPS software
Replies
0
Views
1,378
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild
Replies
1
Views
881
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top