The open-source blogging platform Ghost has suffered a serious security scare, no doubt sending shivers down the spines of some of its users.
Ghost said that the attack had hit its Ghost(Pro) hosting sites and Ghost.org billing services, but that no credit card information had been impacted and that no login credentials had been stored in plaintext.
“Around 1:30AM UTC on May 3rd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure.”
“There is no direct evidence that private customer data, passwords or other information has been compromised. All sessions, passwords and keys are being cycled and all servers are being re-provisioned.”
In a later update on the security breach, Ghost said that its investigations had determined that attackers had exploited a critical vulnerability in Salt, the open-source software used to manage servers in data centers and cloud environments, in an attempt to mine cryptocurrency on its servers.
“The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately. At this time there is no evidence of any attempts to access any of our systems or data. Nevertheless, all sessions, passwords and keys are being cycled and all servers are being re-provisioned.”
Warnings were issued last week of critical vulnerabilities in Salt which could lead to systems being hijacked.
At the time, F-Secure’s Olle Segerdahl explained the seriousness of the threat in stark terms:
“Patch by Friday or compromised by Monday. That’s how I’d describe the dilemma facing admins who have their Salt master hosts exposed to the internet.”
Ghost clearly wasn’t quick enough, and was hacked today – Sunday.
And it seems they’re not the only ones. For instance:
Around 8PM PST on May 2nd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure. We are able to verify that:
– Signing keys are unaffected.
– Builds are unaffected.
– Source code is unaffected.
See https://t.co/85fvp6Gj2h for more info.
Whether you’re a single user, a small organisation, or a big company, if you’re running a web server you must keep it up-to-date with the latest security patches.