Security News

Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the...

Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry Exclusive Rackspace has told customers intruders exploited a zero-day bug in a...

Rackspace's costs from last year's ransomware infection continue to mount. In its most recent 10-Q quarterly report to the SEC, Rackspace said it racked up $5 million in ransomware-related expenses in the year to September 30, 2023.

Rackspace's costs from last year's ransomware infection continue to mount: the cloud hosting biz told America's financial watchdog, the SEC, its total expenses to date regarding that cyberattack have reached $12 million - so far. Rackspace ultimately blamed the Play crew for the intrusion, and said the miscreants broke in after exploiting CVE-2022-41080, a critical Exchange privilege escalation bug, before Microsoft could issue a fix.

The ransomware attack on Rackspace has taught us the importance of good cybersecurity habits. Rackspace took to social media on December 6, 2022, posting on Twitter that the outage resulted from a ransomware attack.

The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the company confirmed last week. "We will be sharing more detailed information with our customers and peers in the security community so that, collectively, we can all better defend against these types of exploits in the future," Rackspace noted in its final update on the concluded forensic investigation.

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.

Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack. Rackspace said "More than half" of its customers who lost their hosted email service last month now have "Some or all of their data available to them for download," in its latest and final status update, posted today.

"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers," Rackspace said in an incident report update shared with BleepingComputer in advance. "Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor."

Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments. While Crowdstrike didn't name the victim in their report, Rackspace officials have revealed in recent local media interviews and emails to BleepingComputer that the OWASSRF exploit was found on its network and Play ransomware was behind last month's ransomware attack.