Online publishing and blogging platform Ghost is back on its feet, after being hacked over the weekend through a critical vulnerability in its SaltStack server management infrastructure.
The service, which counts organisations such as Apple, DuckDuckGo, Mozilla and Nasa among its customers, was targeted through two vulnerabilities, CVE-2020-11651 and CVE-2020-11652, that were first discovered by F-Secure researchers.
Ghost first reported a service outage affecting its Ghost(Pro) sites and Ghost.org billing services on the morning of Sunday 3 May.
A subsequent investigation found that attackers had gained access to its system and attempted to use it to mine cryptocurrency. This caused central processing unit (CPU) spikes and overloaded Ghosts’s systems, causing the outage. Ghost said it had been able to verify that no credit card information, credentials or other data relating to its customers had been affected.
It has now introduced multiple new firewalls and additional security precautions, which have caused some instability on its network and impacted some customers.