#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Ghost CMS | Breaking Cybersecurity News | The Hacker News

Two New Security Flaws Reported in Ghost CMS Blogging Software

Two New Security Flaws Reported in Ghost CMS Blogging Software

Dec 22, 2022 Website Security / Vulnerability
Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as  Ghost , one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, most of them located in the U.S., the U.K., German, China, France, Canada, and India. Tracked as CVE-2022-41654 (CVSS score: 9.6), the authentication bypass vulnerability allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. Cisco Talos, which  discovered  the shortcoming, said it could enable a member to change the system-wide default newsletter that all users are subscribed to by default. Even worse, the ability of a site administrator to inject JavaScript into the newsletter by default could be exploited to trigger the creation of arbitrary administrator accounts when attempting to edit the newsletter. "This gives unprivileged us
Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

May 04, 2020
Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework , a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652 , the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The issues were fixed by SaltStack in a release published on April 29th. "We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure researchers had previously warned in an advisory last week. LineageOS, a maker of an open-source operating system based on Android, said it detected the intrusion on May 2nd at around 8 pm Pacific Time. "Around 8 pm PST on May 2nd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure," the company n
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei
Cybersecurity Resources