Ghost blogging platform servers hacked
Attackers exploited bugs in Salt to gain access to Ghost’s servers
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The Node.js-basedblogging platformGhost is the latest victim in an ongoing hacking campaign that has already hit tens of companies.
Hackers have been scanning the internet for servers running the software Salt which is used by businesses to manage and automate their servers inside data centers, cloud server clusters and enterprise networks. This is because tworecently-patched bugsin the software can be exploited to gain access to Salt servers.
Just hours before Ghost had its servers hacked, attackers managed to breach the servers of the mobileoperating systemLineageOSby exploiting the same flaws in Salt.
Ghost hack
According to Ghost’s developers, the hackers exploited the authentication bypass CVE-2020-11651 and directory traversal CVE-2020-11652 to take control over the company’s Salt master server.
However, they did not steal any financial information or user credentials from the company while they had access to the Ghost (Pro) site and Ghost.org billing services. Instead, the hackers installed acryptocurrency mineron Ghost’s servers just as they did to LineageOS.
This cryptocurrency miner is what alerted Ghost to the hack in the first place as the mining attempt spiked the company’s CPUs and quickly overloaded most of its systems.
In astatus page, the Ghost developer team explained that it has successfully recovered from the hack, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network. The team is now working hard on remediation to clean and rebuild our entire network.”
ViaZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
