Hackers leverage Saltbox flaw to breach LineageOS, Ghost and DigiCert servers

It took only days for hackers to latch onto these known vulnerabilities

Just days after cyber security researchers brought attention to two critical vulnerabilities in the SaltStack configuration framework, hackers have exploited the flaws to breach the servers of LineageOS, Ghost and DigiCert.

Dubbed CVE-2020-11651 and CVE-2020-11652, the previously disclosed flaws may allow a hacker to execute arbitrary code on remote servers deployed in data centers and cloud environments.

Advertisement - Article continues below

Researchers previously warned that any competent hacker could create 100% reliable exploits related to the issues in 24 hours or less. Since then, LineageOS detected an intrusion that occurred on May 2, 2020.

"Around 8 pm PST on May 2nd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure," the company shared in its incident report. The company added the breach didn’t impact Android builds and signing keys.

Ghost also fell victim to the Saltbox vulnerability. Developers noted that "around 1:30 am UTC on May 3rd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure" and install a cryptocurrency miner. According to the developers, the mining attempt spiked CPUs, which quickly overloaded Ghost’s systems, alerting them of the attack immediately.

LineageOS and Ghost have since patched the impacted systems and restored services. 

Advertisement
Advertisement - Article continues below

The Salt vulnerability was also used to hack into DigiCert certificate authority. DigiCert's VP of product, Jeremy Rowley, shared in a Google Groups post on Sunday, "We discovered today that CT Log 2's key used to sign SCTs (signed certificate timestamps) was compromised last night at 7 pm via the Salt vulnerability." 

Advertisement - Article continues below

Rowley added, "Although we don't think the key was used to sign SCTs (the attacker doesn't seem to realize that they gained access to the keys and were running other services on the infrastructure), any SCTs provided from that log after 7 pm MST yesterday are suspect. The log should be pulled from the trusted log list." 

While the issues were fixed by SaltStack in a release published on April 29, 2020, it’d be wise for businesses to update Salt software packages to the latest version to resolve these flaws and avoid any and all nefarious hacking attempts.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/phishing/355810/zloader-malware-returns-as-a-coronavirus-phishing-scam
phishing

ZLoader malware returns as a coronavirus phishing scam

27 May 2020
Visit/security/hacking/355806/anarchygrabber-hack-steals-discord-tokens-ids-and-passwords
hacking

AnarchyGrabber hack steals Discord tokens, IDs and passwords

27 May 2020
Visit/security/hacking/355801/scammers-using-coronavirus-contact-tracing-in-hacking-attempt
hacking

Scammers leverage contact-tracing in hacking attempt

27 May 2020
Visit/security/phishing/355793/gitlab-phishes-its-remote-employees-and-1-in-5-fell-for-it
phishing

GitLab phished its employees and 20% handed over credentials

26 May 2020

Most Popular

Visit/infrastructure/server-storage/355785/dell-emc-poweredge-r7525-review-an-epyc-core-density-to-make
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020
Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020