Security Market Segment LS
Tuesday, 05 May 2020 09:50

Ghost blogging platform hit by cryptocurrency mining attack

Ghost blogging platform hit by cryptocurrency mining attack Pixabay

A vulnerability in the Salt management framework was exploited by attackers to install cryptocurrency mining software on the popular Ghost blogging platform, the company said in a notice on its website.

In a statement, which has seen constant updates since it was first posted on 4 May AEDT, Ghost first reported an outage, and then said it had been fixed.

Later, the company said there had been an attempt to mine cryptocurrency on its servers, which led to a spike in CPU usage and a subsequent outage.

It identified the flaw that had been exploited and said it affected both the Ghost(pro) sites and the billing services.

The company said no credit card information had been affected and no credentials were stored in plaintext.

"There is no direct evidence that private customer data, passwords or other information has been compromised," it added. "All sessions, passwords and keys are being cycled and all servers are being re-provisioned."

Commenting on the vulnerability and also a second one, for both of which exploitation had been observed in the wild, Satnam Narang, principal research engineer at security shop Tenable, said the Salt management framework was used in data centres and cloud environments to configure, monitor and update systems.

"This is achieved by a 'master' server that can control agents called 'minions'," he explained. "When combined, the two flaws can be used to gain remote command execution as root on both the master server and minions.

Narang said attackers appeared to have successfully utilised these vulnerabilities to breach the infrastructure of LineageOS, an open-source Android operating system, and also Ghost

"We believe additional successful attacks may be revealed in the coming days and weeks," he added. " For organisations that use Salt in their environment, it’s critically important to apply the available patches to vulnerable assets as soon as possible. If patching isn’t possible, ensure that proper network security controls are in place for the Salt master."

Details of the two vulnerabilities are here.

Subscribe to Newsletter here

WEBINAR 12 AUGUST - Why is Cyber Security PR different?

This webinar is an introduction for cyber security companies and communication professionals on the nuances of cyber security public relations in the Asia Pacific.

Join Code Red Security PR Network for a virtual conversation with leading cyber security and ICT journalists, Victor Ng and Stuart Corner, on PR best practices and key success factors for effective communication in the Asian Pacific cyber security market.

You will also hear a success story testimonial from Claroty and what Code Red Security PR has achieved for the brand.

Please register here by 11 August 2020 and a confirmation email, along with instructions on how to join the webinar will be sent to you after registration.

Aug 12, 2020 01:00 PM in Canberra, Melbourne, Sydney. We look forward to seeing you there!



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Reviews

Guest Research & Case Studies

Channel News