Category: Cloud

May 8, 2020

Playbook for attack on Salt servers

The hackers use CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over Salt master server Mitigations Consider taking down the related servers to investigate the incident and patch vulnerable servers. Patches for the Salt vulnerabilities have been released earlier this week. Salt servers should normally be deployed behind a firewall and not left exposed on the internet. SaltStack engineers patched these […]

April 12, 2020

Playbook for Web Ad Fraud

False clicks and fraudulent display of web-placed advertisements Description Lists of full credit and/or debit card data are tested against a merchant’s payment processes to identify valid card details. The quality of stolen data is often unknown, and Carding is used to identify good data of higher value. Payment cardholder data may have been stolen from another application, stolen from a different payment channel, or […]

April 9, 2020

Playbook for Failed SSH login

Brute-force and dictionary attacks against remote services such as SSH, are one of the Top-20 most common forms of attack on the Internet that compromise servers. In particular, Unix-based and Mac OS X servers that run an SSH service to allow administrators secure remote connections are at risk. Playbook Mitigation Disable root access – It is a good security practice to disable logins via SSH […]