Cloud Security, Breach, Vulnerability Management, Supply chain

Third-party zero-day leveraged to breach certain Rackspace servers

Share
Plain code with the word "cyberattack" in red.

U.S. cloud computing firm Rackspace had limited customer information from its internal web servers compromised following an attack exploiting a zero-day vulnerability impacting a third-party app used by the servers last week, according to The Register.

Threat actors leveraged the zero-day to infiltrate three of Rackspace's internal monitoring web servers with the ScienceLogic app and the third-party utility, facilitating access to customers' account names and numbers, usernames, Rackspace internally generated device IDs, device names and IP addresses, and AES256 encrypted Rackspace internal device agent credentials, a notification letter to Rackspace customers stated. Additional details regarding the third-party utility have not been provided but both Rackspace and ScienceLogic have downplayed the impact of the incident. "No other Rackspace products, platforms, solutions, or businesses were affected by this event. We have actively notified all affected customers and are updating customers as appropriate," said Rackspace.

Third-party zero-day leveraged to breach certain Rackspace servers

Threat actors leveraged the zero-day to infiltrate three of Rackspace's internal monitoring web servers with the ScienceLogic app and the third-party utility, facilitating access to customers' account names and numbers, usernames, Rackspace internally generated device IDs, device names and IP addresses, and AES256 encrypted Rackspace internal device agent credentials.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.