Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Red Hat Warns of Ceph Website Breach

Red Hat warned users on Thursday that it detected an intrusion on two websites related to Ceph, the company’s open source distributed storage platform.

Red Hat warned users on Thursday that it detected an intrusion on two websites related to Ceph, the company’s open source distributed storage platform.

According to the open source giant, which acquired Ceph developer Inktank in April 2014, the breach affects the websites ceph.com and download.inktank.com. Ceph.com offers downloads for Ceph community versions, while download.inktank.com provided releases of the Red Hat Ceph product for Ubuntu and CentOS.

The company has pointed out that the affected websites are hosted on a server outside of the Red Hat infrastructure. The investigation is ongoing, but so far there is no evidence that the code and binaries offered on the impacted websites have been compromised.

On the other hand, Red Hat says it cannot fully rule out the possibility that the files available for download at some point in the past had been altered. The company also believes the signing keys for Inktank and Ceph.com can no longer be trusted. As a result, the Ceph signing key has been replaced, and the Red Hat Ceph Storage products have been re-signed with standard Red Hat release keys.

“This intrusion did not affect other Ceph sites such as download.ceph.com (which contained some Ceph downloads) or git.ceph.com (which mirrors various source repositories), and is not known to have affected any other Ceph community infrastructure. There is no evidence that build systems or the Ceph github source repository were compromised,” reads a security notice posted on the Ceph website.

Customers of Red Hat Ceph Storage versions for CentOS and Ubuntu have been advised to download the newly signed product versions. Customers of Red Hat Ceph Storage for RHEL and other Red Hat products are not affected by the incident.

The ceph.com and download.ceph.com websites have been rebuilt and all the content hosted on them has been verified. Red Hat customers have been notified that the download.inktank.com host has been retired following the breach.

Red Hat noted that while the compromised system did not store customer data, it did hold usernames and password hashes used by customers for authenticating downloads. Sources: 

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.