Have you updated your SaltStack Salt “masters” and made them inaccessible over the internet – or at least restricted access to them? Even though F-Secure researchers declined to publish PoC exploit code for two critical Salt flaws they recently discovered and privately disclosed, it didn’t take long for others to do it and for attackers to try to exploit them.
Read full article on Help Net Security