0day in ScienceLogic: hackers gained access to Rackspace's internal systems

What's behind the dashboard being unavailable?

Rackspace has been hit by a cyberattack due to a zero-day vulnerability in a third-party application. The hack affected the internal performance monitoring system, which is why the dashboard for customers was temporarily disabled.

Rackspace used ScienceLogic software for monitoring, and the attackers were able to take advantage of a zero-day in one of the program's components. As a result, the hackers gained access to three internal Rackspace servers and some monitoring-related information.

However, the functionality of the customer monitoring system itself was not affected. The only effect for users was the temporary unavailability of the dashboard, while the rest of the company's services worked stably.

In an email sent to customers, Rackspace said the attackers gained access to restricted information, including: account names and numbers, customer logins, internal device IDs and IP addresses, and encrypted passwords for internal device agents. The company emphasizes that customers do not need to take any additional action.

Rackspace immediately isolated the compromised hardware, disabled it, and, together with ScienceLogic, developed and installed a patch to eliminate the vulnerability. ScienceLogic has also notified its customers and released an update to minimize the threat. However, the company does not disclose the name of the vulnerable software to prevent additional risks.

Rackspace was previously attacked using a zero-day vulnerability in December 2022. At that time, its customer email service was disrupted by a ransomware infection of its Microsoft Exchange hosting. Losses from the incident amounted to about $11 million.
