After infrastructure automation software vendor SaltStack released a patch for two critical vulnerabilities last Wednesday, hackers acted quickly to reverse engineer the exploit and attack vulnerable data centers.
Olle Segerdahl, principal security consultant at F-Secure who originally found the vulnerabilities, posted a warning on Thursday: “Patch by Friday or compromised by Monday.”
He may have been too optimistic in hoping his advice would be followed, since companies began getting hit over that weekend.
The Ghost blogging platform went down on Sunday, May 3, after attackers used the vulnerability to gain access to its infrastructure, and it took the organization 13 hours to get back up and running again.
