Ghost blogging platform suffers security breach - hackers exploited Salt vulnerability in attempt to mine cryptocurrency.

Looks like their slogan got a little shorter.

@gcluley If you have CVEs in your system base, update or mitigate!!!

Excellent predictive comment from the F-Secure lab who I think discovered it ...

“Patch by Friday or compromised by Monday. That’s how I’d describe the dilemma facing admins who have their Salt master hosts exposed to the internet.”

Ghost clearly wasn’t quick enough, and was hacked today – Sunday.

@gcluley Mitigation would have involved not having the admin system that controls all your infrastructure connected directly to the Internet at all.

Remember the old days of multiple networks? The Service LAN, the Backup LAN, the Management LAN?

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.