
Ghost platform got hacked via the same vulnerability that allowed hackers to breach LineageOS servers hours before

According to ZDNet, the blogging platform Ghost admitted that it suffered a security breach in which hackers exploited critical vulnerabilities in its servers. In an official release, the Singapore-based company stated that unknown threat actors abused two vulnerabilities, CVE-2020-11651 and CVE-2020-11652, in its SaltStack master to mine cryptocurrency on its servers. SaltStack is open-source software used by data centers and cloud servers. Ghost stated that the incident came to light when the hackers’ mining attempts spiked its CPUs and overloaded its systems.

Ghost was hacked via the same vulnerability

Ghost is an open-source, free-to-use blogging platform aimed at simplifying online publishing for individual bloggers and online publications.

According to Ghost, the hacking incident occurred on May 3, 2020, at 03:24 BST, when the company updated its status checker page and noticed abnormal activity after its server reported a service outage. At 10:15 BST the same day, Ghost revealed the incident, and a fix was released to restore its servers.

In a statement, Ghost said:

“We’ve introduced multiple new firewalls and security precautions today, which are unfortunately causing instability on our network and affecting some customer sites. We have restored all services, and everything should be functioning as normal. We are still investigating the root cause of the issue with our upstream providers.”

Ghost said that the attack had hit its Ghost(Pro) hosting sites and Ghost.org billing services, but that no credit card information had been impacted and that no login credentials had been stored in plaintext.

Ghost said:

“Around 1:30 AM UTC on May 3rd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure. There is no direct evidence that private customer data, passwords, or other information have been compromised. All sessions, passwords, and keys are being cycled and all servers are being re-provisioned.”

In a later update on the security breach, Ghost said that its investigations had determined that attackers had exploited a critical vulnerability in Salt, the open-source software used by data centers and cloud servers, in an attempt to mine cryptocurrency on its servers.

“The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately. At this time there is no evidence of any attempts to access any of our systems or data. Nevertheless, all sessions, passwords, and keys are being cycled and all servers are being re-provisioned.”

Warnings were issued last week of critical vulnerabilities in Salt which could lead to systems being hijacked.

At the time, F-Secure’s Olle Segerdahl explained the seriousness of the threat in stark terms:

“Patch by Friday or compromised by Monday. That’s how I’d describe the dilemma facing admins who have their Salt master hosts exposed to the internet.”

The statement concluded:

“We’re continuing to monitor all systems closely, while also working carefully to cycle all sessions, passwords, and keys on every affected service as a precaution. Our additional firewall configurations are now running and working as expected. All connectivity issues have been resolved, and customer sites are loading as normal again.”
