Thursday, February 25, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Ghost blogging platform servers hacked and infected with crypto-miner

May 4, 2020
in Internet Security
Ghost blogging platform servers hacked and infected with crypto-miner
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Ghost

A serious hacking campaign is currently underway, and tens of companies have been hacked already, ZDNet has learned from security researchers keeping an eye on the attacks.

For the past 24 hours, hackers have been mass-scanning the internet for Salt, a type of software used to manage and automate servers inside data centers, cloud server clusters, and enterprise networks.

You might also like

Ukraine reports cyber-attack on government document management system

More than 6,700 VMware servers exposed online and vulnerable to major new bug

Google funds Linux kernel developers to work exclusively on security

Attackers have been exploiting two recently-patched bugs to gain access to Salt servers and then deploy a cryptocurrency miner.

LineageOS hacked. Now Ghost.

Earlier today, ZDNet reported that hackers managed to breach the servers of LineageOS, a mobile operating system.

A second major hack surfaced a few hours later after our initial report. The second victim is Ghost, a Node.js-based blogging platform, built and advertised as a simpler alternative to WordPress.

In a status page, the Ghost developer team said they detected an intrusion into their backend infrastructure systems at around 1:30am UTC.

Ghost devs said the hackers used CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over its Salt master server.

The blogging company said that while hackers had access to the Ghost(Pro) sites and Ghost.org billing services, they didn’t steal any financial information or user credentials.

Instead, Ghost said the hackers installed a cryptocurrency miner.

“The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately,” Ghost developers said.

Similar to LineageOS, Ghost devs took down all servers, patched systems, and redeployed everything online after a few hours.

Ransomware gangs expected to exploit bugs in the coming days

A security researcher who requested we not use his name for this report said the attacks were most likely carried out with an automated vulnerability scanner that detected outdated Salt installs, and then automatically exploited the two bugs to install the crypto-mining malware.

“It is very possible that the threat actor behind these scans doesn’t even know the type of companies they’re breaching right now,” the researcher told ZDNet in a Twitter chat. “We’re seeing unpatched Salt servers at banks, web hosters, and Fortune 500 companies.”

“Pretty soon ransomware gangs are going to start scanning for this bug, and we’re gonna see mayhem, with ransomware deployed at some huge targets.”

Some of these intrusions are currently being reported on a GitHub thread, with similar reports of an attacker planting a cryptocurrency miner on hacked Salt systems.

Saltstack, the company behind the Salt software, published patches earlier this week to address the two vulnerabilities. Companies are advised to either patch the Salt servers or secure them behind a firewall. There are currently around 6,000 Salt servers exposed on the internet.

Credit: Zdnet

Previous Post

How Machine Learning Is Redefining The Healthcare Industry

Next Post

How Big Data Is Attacking the Coronavirus - The Wall Street Journal

Related Posts

Ukraine reports cyber-attack on government document management system
Internet Security

Ukraine reports cyber-attack on government document management system

February 25, 2021
More than 6,700 VMware servers exposed online and vulnerable to major new bug
Internet Security

More than 6,700 VMware servers exposed online and vulnerable to major new bug

February 25, 2021
Google funds Linux kernel developers to work exclusively on security
Internet Security

Google funds Linux kernel developers to work exclusively on security

February 25, 2021
Want to pass on your old PCs to good causes? Here’s how to do it while staying secure
Internet Security

Want to pass on your old PCs to good causes? Here’s how to do it while staying secure

February 24, 2021
Red Hat closes StackRox Kubernetes security acquisition
Internet Security

Red Hat closes StackRox Kubernetes security acquisition

February 24, 2021
Next Post
How Big Data Is Attacking the Coronavirus – The Wall Street Journal

How Big Data Is Attacking the Coronavirus - The Wall Street Journal

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Ukraine reports cyber-attack on government document management system
Internet Security

Ukraine reports cyber-attack on government document management system

February 25, 2021
KPMG, BitGo, and Coin Metrics launch combined offering for public blockchains
Blockchain

KPMG, BitGo, and Coin Metrics launch combined offering for public blockchains

February 25, 2021
IBM Reportedly Retreating from Healthcare with Watson 
Artificial Intelligence

IBM Reportedly Retreating from Healthcare with Watson 

February 25, 2021
Using machine learning to identify blood biomarkers for early diagnosis of autism
Machine Learning

Using machine learning to identify blood biomarkers for early diagnosis of autism

February 25, 2021
Label a Dataset with a Few Lines of Code | by Eric Landau | Jan, 2021
Neural Networks

Label a Dataset with a Few Lines of Code | by Eric Landau | Jan, 2021

February 25, 2021
How to Identify and Prioritize Marketing Ideas
Marketing Technology

How to Identify and Prioritize Marketing Ideas

February 25, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Ukraine reports cyber-attack on government document management system February 25, 2021
  • KPMG, BitGo, and Coin Metrics launch combined offering for public blockchains February 25, 2021
  • IBM Reportedly Retreating from Healthcare with Watson  February 25, 2021
  • Using machine learning to identify blood biomarkers for early diagnosis of autism February 25, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates