2020-05-05

It has been reported that a popular open-source blogging platform with more than 2 million installs has confirmed it was hacked. Although most people tend to think of WordPress first when asked to name a blogging platform, it certainly isn't the only player in town. The self-proclaimed "world's most popular modern open-source publishing platform," Ghost, counts big-name customers such as Mozilla, NASA, and DuckDuckGo among its 750,000 registered users, according to its website. In the last week alone, Ghost users, including writers, podcasters, and video creators, set up 6,920 new publications. It was also hacked yesterday, May 3.
EXPERTS COMMENTS
Tim Mackey, Principal Security Strategist, Synopsys CyRC
May 05, 2020
Data centre patch strategies need to take into account not only the applications deployed, but also the underlying infrastructure and any firmware used within all devices powering businesses. In this case, the attackers used two vulnerabilities within the SaltStack infrastructure management software used by Ghost. This attack has two key elements to it. First, attackers are actively seeking unpatched SaltStack instances vulnerable to CVE-2020-11651 and CVE-2020-11652. When combined, these two vulnerabilities enable attackers to access SaltStack master methods without authentication, including retrieval of user tokens, and then allow arbitrary access to authenticated users. Second, this attack chain spans Ghost and its customer base to potentially include any organisation running SaltStack. In the case of this attack, the attackers were reportedly interested in running crypto-mining software. Since attackers define the rules in any cyberattack, it's important for anyone running an unpatched SaltStack instance to recognize that a different malicious team or environment could easily result in a different type of compromise.
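As an added illustration of the patch-status check the comment argues for (example code, not from the page, Ghost or SaltStack), the following Python snippet runs over an inventory of `salt --version` outputs and flags masters still on releases older than the fixes for CVE-2020-11651 and CVE-2020-11652. It assumes the fixed releases were 2019.2.4 (date-based version scheme) and 3000.2 (numeric scheme) and treats anything older, including end-of-life branches, as unpatched; the hostnames and version strings are constructed sample data.

```python
import re

# Assumption: the official Salt releases that fixed CVE-2020-11651 and
# CVE-2020-11652 were 2019.2.4 (old YYYY.M.P scheme) and 3000.2 (new
# numeric scheme). Anything older, or on an end-of-life branch, is
# treated as unpatched and in need of an upgrade.
FIXED_DATE_SCHEME = (2019, 2, 4)
FIXED_NUMERIC_SCHEME = (3000, 2)

# Matches the first dotted number in a string such as "salt 3000.1".
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the numeric version tuple found in text, e.g. 'salt 3000.1' -> (3000, 1)."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(text):
    """True if the version in text is at or above the fixed release for its scheme."""
    version = parse_version(text)
    if version[0] >= 3000:
        # New numeric scheme: 3000, 3000.1 are vulnerable; 3000.2 and later are fixed.
        return version >= FIXED_NUMERIC_SCHEME
    # Date-based scheme: 2019.2.4 is fixed; 2019.2.3, 2018.3.x and older are not.
    return version >= FIXED_DATE_SCHEME


def unpatched_hosts(inventory):
    """inventory maps host name -> 'salt --version' output; returns hosts needing an upgrade."""
    return sorted(host for host, output in inventory.items() if not is_patched(output))


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "salt-master-a": "salt 3000.2",
    "salt-master-b": "salt 3000.1",
    "salt-master-c": "salt 2019.2.4",
    "salt-master-d": "salt 2019.2.3",
    "salt-master-e": "salt 2018.3.5",
}

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> upgrade required")
```

Run against real output, the inventory would be filled from whatever collects `salt --version` across the estate; the version parser deliberately ignores any suffix after the dotted number, so a release-candidate string is judged by its base version, which is a conservative choice for a patch audit.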
