Blogging platform Ghost hacked through Salt vulnerability

Online publishing and blogging platform Ghost is back on its feet, after being hacked over the weekend through a critical vulnerability in its SaltStack server management infrastructure.
The service, which counts organisations such as Apple, DuckDuckGo, Mozilla and Nasa among its customers, was targeted through two vulnerabilities, CVE-2020-11651 and CVE-2020-11652, that were first discovered by F-Secure researchers and revealed in a co-ordinated disclosure on 30 April 2020.
The vulnerabilities, which carry a Common Vulnerability Scoring System (CVSS) rating of 10, the highest possible, enable hackers to gain remote code execution capabilities on Salt master repositories. This could allow them to install backdoors into systems, carry out ransomware attacks, or take over systems to mine cryptocurrencies.
F-Secure principal consultant Olle Segerdahl, who uncovered the vulnerabilities, warned that due to their easy-to-exploit nature, Salt users who did not patch their systems by Friday 1 May risked being compromised over the weekend, and indeed, active exploits were seen within 72 hours targeting geographically-dispersed honeypots.
In Ghost’s case, the organisation first reported a service outage affecting its Ghost(Pro) sites and Ghost.org billing services at approximately 3:20am BST on the morning of Sunday 3 May.
A subsequent investigation found that attackers had gained access to its system and attempted to use it to mine cryptocurrency. This caused central processing unit (CPU) spikes and overloaded Ghost’s systems, causing the outage.
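The outage was noticed through CPU saturation before the cryptominer itself was identified. As an added illustration (not code from Ghost or from the article), the script below shows how a defender can turn that symptom into an alert: it parses constructed host metric lines and flags a host only when CPU stays above a threshold for several consecutive samples, so a single legitimate burst is not reported. The line format, host names and thresholds are assumptions for the example.

```python
"""Flag hosts whose CPU stays pegged for several consecutive samples.

Added example; the metric lines below are constructed for illustration
and are not Ghost's real telemetry.
"""
import re
from collections import defaultdict

# Constructed sample metrics: ISO timestamp, host name, CPU utilisation %.
# web-1 climbs to ~100% and stays there (miner-like); web-2 has one short
# burst and returns to normal; the malformed line shows tolerant parsing.
SAMPLE_METRICS = """\
2020-05-03T03:10:00Z web-1 cpu=22
2020-05-03T03:11:00Z web-1 cpu=25
2020-05-03T03:12:00Z web-1 cpu=97
2020-05-03T03:13:00Z web-1 cpu=99
2020-05-03T03:14:00Z web-1 cpu=98
2020-05-03T03:15:00Z web-1 cpu=99
2020-05-03T03:10:00Z web-2 cpu=30
2020-05-03T03:11:00Z web-2 cpu=95
2020-05-03T03:12:00Z web-2 cpu=28
2020-05-03T03:13:00Z web-2 cpu=31
this line is garbage and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+cpu=(?P<cpu>\d+(?:\.\d+)?)$"
)


def parse_metrics(text):
    """Return {host: [(timestamp, cpu_percent), ...]} sorted by timestamp."""
    per_host = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue  # tolerate malformed lines rather than crash the monitor
        per_host[m["host"]].append((m["ts"], float(m["cpu"])))
    for samples in per_host.values():
        samples.sort(key=lambda s: s[0])  # ISO-8601 sorts lexically
    return dict(per_host)


def detect_sustained_cpu(per_host, threshold=90.0, min_consecutive=3):
    """Return {host: timestamp of first sample} for every host with at least
    min_consecutive consecutive samples at or above threshold percent CPU."""
    alerts = {}
    for host, samples in per_host.items():
        run_start, run_len = None, 0
        for ts, cpu in samples:
            if cpu >= threshold:
                if run_len == 0:
                    run_start = ts
                run_len += 1
                if run_len >= min_consecutive:
                    alerts[host] = run_start
                    break
            else:
                run_start, run_len = None, 0  # burst ended; reset the window
    return alerts


if __name__ == "__main__":
    for host, since in detect_sustained_cpu(parse_metrics(SAMPLE_METRICS)).items():
        print(f"ALERT {host}: sustained CPU saturation since {since}")
```

With the constructed data only web-1 is reported; web-2's single spike is filtered by the consecutive-sample window, which is the main lever for tuning false positives on bursty workloads.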
Ghost said it had been able to verify that no credit card information, credentials or other data relating to its customers had been affected.
It has now introduced multiple new firewalls and additional security precautions, which have caused some instability on its network and impacted some customers.
“All traces of the cryptomining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network,” said Ghost in a statement on its website, correct as of 9:30am on 4 May.
“The team is now working hard on remediation to clean and rebuild our entire network. We will keep this incident open and continue to share updates until it is fully resolved. We will also be contacting all customers directly to notify them of the incident and publishing a public post-mortem later this week.”
Tim Mackey, principal security strategist at Synopsys’ Cybersecurity Research Centre, said: “Datacentre patch strategies need to take into account not only the applications deployed, but also the underlying infrastructure and any firmware used within all devices powering businesses.
“In the case of this attack, the attackers were reportedly interested in running cryptomining software. Since attackers define the rules in any cyber attack, it’s important for anyone running an unpatched SaltStack instance to recognize that a different malicious team or environment could easily result in a different type of compromise.”
Martin Jartelius, chief security officer at Outpost24, added: “Be grateful this was abused for simple monetary gain and nothing sophisticated, which it could equally well have been.”
Separately, open source Android distribution LineageOS revealed it was also targeted by cyber criminals exploiting the Salt vulnerabilities. Its systems were taken offline at roughly the same time as Ghost’s.