More information about our response and handling of CVEs is available in our Knowledge Base: SaltStack Response Policy for CVEs. As the primary maintainers of the Salt Open Project, trusted by the world’s largest businesses to automate digital infrastructure operations and security, we take this vulnerability and the security of our platform very seriously.
It is equally important to upgrade to latest versions of the platform and register with support for future awareness of any possible issues and remediations.
We must reinforce how critical it is that all Salt users patch their systems and follow the guidance we have provided outlining steps for remediation and best practices for Salt environment security. Although there was no initial evidence that the CVE had been exploited, we have confirmed that some vulnerable, unpatched systems have been accessed by unauthorized users since the release of the patches. Upon notification of the CVE, SaltStack took immediate action to remediate the vulnerability, develop and issue patches, and communicate to our customers about the affected versions so they can prepare their systems for update. Clients who have followed fundamental internet security guidelines and best practices are not affected by this vulnerability.
A scan by the security firm, who identified the vulnerability, identified approximately 6000 instances of exposed Salt masters. This represents a very small portion of the install base. The vulnerability only occurs if a Salt Master is exposed to the open internet.
"Last week a critical vulnerability was discovered in Salt Master versions 2019.2.3 and Salt 3000 versions 3000.1 and earlier.
"Ultimately we take full responsibility for this," he concludes, "and will be making significant changes to the speed and gravity with which we respond to future security advisories."
Alex Peay, senior vice-president of product and marketing at SaltStack, has provided the following statement:
Kudos to John and his team for dealing with this in such a transparent way and so efficiently, many others could learn a lesson in incident response from this.
"The exploit reached a small number of core app servers, rather than all 2 million plus decentralized Ghost instances," he says, "as Ghost is open source, we host only a small proportion of the total number of instances out there."
Lots of services were hit in bulk, rather than anyone being targeted directly." O'Nolan also points out that this attack only affected servers within the hosting platform, not Ghost itself.
I reached out to John O'Nolan, Ghost founder and CEO, who says that "from what we can see so far it appears this was dragnet approach to try and make a quick coin or two.
Security expert, John Opdenakker, who runs a self-hosted infosec Ghost blog, says "even if you run Ghost self-hosted, this incident reminds us that it's important to install all latest patches."
"The mining attempt spiked CPUs and quickly overloaded most of our systems," it stated, "which alerted us to the issue immediately." There remains no evidence that any access to systems or data was attempted.
"There is no direct evidence that private customer data, passwords or other information has been compromised," the Ghost update stated, "all sessions, passwords and keys are being cycled and all servers are being re-provisioned."
An update, posted at 1:46 p.m. (BST), revealed that early investigations show the SaltStack vulnerabilities were used in an attempt to mine cryptocurrency on the Ghost servers.