Security Market Segment LS
Tuesday, 05 May 2020 09:50

Ghost blogging platform hit by cryptocurrency mining attack

By
Ghost blogging platform hit by cryptocurrency mining attack Pixabay

A vulnerability in the Salt management framework was exploited by attackers to install cryptocurrency mining software on the popular Ghost blogging platform, the company said in a notice on its website.

In a statement, which has seen constant updates since it was first posted on 4 May AEDT, Ghost first reported an outage, and then said it had been fixed.

Later, the company said there had been an attempt to mine cryptocurrency on its servers, which led to a spike in CPU usage and a subsequent outage.

It identified the flaw that had been exploited and said it affected both the Ghost(pro) sites and the Ghost.org billing services.

The company said no credit card information had been affected and no credentials were stored in plaintext.

"There is no direct evidence that private customer data, passwords or other information has been compromised," it added. "All sessions, passwords and keys are being cycled and all servers are being re-provisioned."

Commenting on the vulnerability and also a second one, for both of which exploitation had been observed in the wild, Satnam Narang, principal research engineer at security shop Tenable, said the Salt management framework was used in data centres and cloud environments to configure, monitor and update systems.

"This is achieved by a 'master' server that can control agents called 'minions'," he explained. "When combined, the two flaws can be used to gain remote command execution as root on both the master server and minions.

Narang said attackers appeared to have successfully utilised these vulnerabilities to breach the infrastructure of LineageOS, an open-source Android operating system, and also Ghost

"We believe additional successful attacks may be revealed in the coming days and weeks," he added. " For organisations that use Salt in their environment, it’s critically important to apply the available patches to vulnerable assets as soon as possible. If patching isn’t possible, ensure that proper network security controls are in place for the Salt master."

Details of the two vulnerabilities are here.


BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments