Security News > 2020 > May > Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages.
The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost's server management infrastructure.
Ghost is a free, open-source blogging platform with an install base of over 2 million, including big-name customers like Mozilla and DuckDuckGo.
Upon further investigation, Ghost said that the hack stemmed from attackers exploiting two flaws, CVE-2020-11651 and CVE-2020-11652, which allow full remote code execution as root on servers in data centers and cloud environments.
Both Ghost Pro sites and Ghost.org billing services were affected - though Ghost said that credit card data was not affected.
News URL
Related news
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil (source)
- Hacker selling critical Roundcube webmail exploit as tech info disclosed (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-30 | CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. | 9.8 |
| 2020-04-30 | CVE-2020-11652 | Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. | 6.5 |