Cyber Attacks

Ghost blogging platform servers hacked


Ghost, a Node.js-based blogging platform, built and advertised as a simpler alternative to WordPress was hacked and infected with crypto mining malware.

The Ghost developer team stated that they detected an intrusion into their backend infrastructure systems. The attackers have been exploiting two recently-patched bugs to gain access to Salt servers and then deploy a cryptocurrency miner.

According to the Ghost developers, the hackers used CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over its Salt master server.

The hackers managed to access the Ghost (Pro) sites and billing services, but they did not steal any financial information or user credentials. Instead, they installed a cryptocurrency miner.

The mining attempt spiked CPUs and quickly overloaded most of their systems, alerting them about the issue immediately.

Ghost devs took down all servers, patched systems, and redeployed everything online after a few hours.

Saltstack, the company behind the Salt software, published patches earlier this week for the two vulnerabilities. All users are recommended to either patch the Salt servers or secure them behind a firewall. It is estimated that at present there are around 6,000 Salt servers exposed on the internet.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Encryption Pointers for Small Software Businesses

    Previous article

    How to use encryption to secure eGovernment activities in 7 ways

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *