内容简介:A hacking group has installed crypto mining malware into a company server through a weakness in Salt, a popular infrastructure tool used by the likes of IBM, LinkedIn and eBay.Blogging platform Ghost said Sunday that an attacker had"Our investigation indic
A hacking group has installed crypto mining malware into a company server through a weakness in Salt, a popular infrastructure tool used by the likes of IBM, LinkedIn and eBay.
Blogging platform Ghost said Sunday that an attacker had successfully infiltrated its Salt-based server infrastructure and deployed a crypto-mining virus.
"Our investigation indicates that a critical vulnerability in our server management infrastructure ... was used in an attempt to mine cryptocurrency on our servers," reads an incident report. "The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately."
Ghost said Monday developers had removed the mining malware from its servers and added whole new firewall configurations.
See also: dForce Hacker Returns Almost All of Stolen $25M in Crypto
Salt is an open-source framework, developed by SaltStack, that manages and automates key parts of company servers. Clients, including IBM Cloud, LinkedIn, and eBay, use Salt to configure servers, relay messages from the "master server" and issue commands to a specific time schedule.
SaltStack alerted clients a few weeks ago that there was a "critical vulnerability" in the latest version of Salt that allowed a "remote user to access some methods without authentication" and gave "arbitrary directory access to authenticated users."
SaltStack also released a software update fixing the flaw on April 23.
Android mobile operating system LineageOS said hackers had also accessed its core infrastructure via the same flaw, but the breach was quickly detected. In a report Sunday, the company admitted it hadn't updated the Salt software.
It remains unknown whether the same group is behind the LineageOS and Ghost attacks. Some attacks have planted crypto mining software, while others have instead planted backdoors into servers.
See also: Monero Hacker Group ‘Outlaw’ Is Back and Targeting American Business: Report
It isn't clear if hackers mined a particular cryptocurrency. Hacking groups have generally favored Monero, as it can be mined with just general purpose CPUs, not dedicated mining chips, and can be traded with little risk of detection.
CoinDesk has approached SaltStack for comment, but hadn't heard back by press time.
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies . CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
你也能看得懂的Python算法书
王硕,董文馨,张舒行,张洁 著 / 电子工业出版社 / 2018-11-1 / 59.00
编程的核心是算法,学习算法不仅能教会你解决问题的方法,而且还能为你今后的发展提供一种可能。 《你也能看得懂的Python算法书》面向算法初学者,首先介绍当下流程的编程语言Python,详细讲解Python语言中的变量和循序、分支、循环三大结构,以及列表和函数的使用,为之后学习算法打好基础。然后以通俗易懂的语言讲解双指针、哈希、深度优先、广度优先、回溯、贪心、动态规划和至短路径等经典算法。 ......一起来看看 《你也能看得懂的Python算法书》 这本书的介绍吧!
