Hackers Exploiting SaltStack Vulnerability Hit Data Centers

After infrastructure automation software vendor SaltStack released a patch for two critical vulnerabilities last Wednesday, hackers acted quickly to reverse engineer the exploit and attack vulnerable data centers.

Olle Segerdahl, principal security consultant at F-Secure who originally found the vulnerabilities, posted a  warning  on Thursday: “Patch by Friday or compromised by Monday.”

He may have been too optimistic in hoping his advice would be followed, since companies began getting hit over that weekend.

The Ghost blogging platform  went down  on Sunday, May 3, after attackers used the vulnerability to gain access to its infrastructure, and it took the organization 13 hours to get back up and running again.

Read full article at Data Center Knowledge.