Quote:Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure.
Ghost is a free, open-source blogging platform with an install base of over 2 million, including big-name customers like Mozilla and DuckDuckGo. The company, which touts itself as an alternative to platforms like WordPress, Medium and Tumblr, first posted on Sunday at 3:24 BST that customers were experiencing service outages. It has since fixed the issue and systems are up and running again, as of Monday.
Upon further investigation, Ghost said that the hack stemmed from attackers exploiting two flaws, CVE-2020-11651 and CVE-2020-11652, which allow full remote code execution as root on servers in data centers and cloud environments. The two flaws specifically exist in SaltStack’s open-source Salt management framework, used by customers like Ghost as an open-source configuration tool to monitor and update the state of their servers.
“All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network,” according to Ghost’s announcement on its status update page. “The team is now working hard on remediation to clean and rebuild our entire network. We will keep this incident open and continue to share updates until it is fully resolved. We will also be contacting all customers directly to notify them of the incident, and publishing a public post-mortem later this week.”
Read more: https://threatpost.com/hackers-exploit-c...ck/155431/
![[-]](https://www.geeks.fyi/images/collapse.png)
