SecurityWeek

Zero-Day Breach at Rackspace Sparks Vendor Blame Game

A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.

Enterprise cloud host Rackspace has been hacked via a zero-day flaw in ScienceLogic’s monitoring app, with ScienceLogic shifting the blame to an undocumented vulnerability in a different bundled third-party utility.

The breach, flagged on September 24, was traced back to a zero-day in ScienceLogic’s flagship SL1 software, but a company spokesperson tells SecurityWeek the remote code execution exploit actually hit a “non-ScienceLogic third-party utility that is delivered with the SL1 package.”

“We identified a zero-day remote code execution vulnerability within a non-ScienceLogic third-party utility that is delivered with the SL1 package, for which no CVE has been issued. Upon identification, we rapidly developed a patch to remediate the incident and have made it available to all customers globally,” ScienceLogic explained.

ScienceLogic declined to identify the third-party component or the vendor responsible.

The incident, first reported by the Register, resulted in the theft of “limited” internal Rackspace monitoring information that includes customer account names and numbers, customer usernames, Rackspace internally generated device IDs, names and device information, device IP addresses, and AES256 encrypted Rackspace internal device agent credentials.

Rackspace has notified customers of the incident in a letter that describes “a zero-day remote code execution vulnerability in a non-Rackspace utility, that is packaged and delivered alongside the third-party ScienceLogic application.”

The San Antonio, Texas hosting company said it uses ScienceLogic software internally for system monitoring and providing a dashboard to users. However, it appears the attackers were able to pivot to Rackspace internal monitoring web servers to pilfer sensitive data.

Rackspace said no other products or services were impacted.

This incident follows a previous ransomware attack on Rackspace’s hosted Microsoft Exchange service in December 2022, which resulted in millions of dollars in expenses and multiple class action lawsuits.

In that attack, blamed on the Play ransomware group, Rackspace said cybercriminals accessed the Personal Storage Table (PST) of 27 customers out of a total of nearly 30,000 customers. PSTs are typically used to store copies of messages, calendar events and other items associated with Microsoft Exchange and other Microsoft products.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
