Posted on 12/08/2022 2:34:50 PM PST by linMcHlp
UPDATED Rackspace has admitted a ransomware infection was to blame for the days-long email outage that disrupted services for customers.
The security snafu took down some of Rackspace's hosted Microsoft Exchange services on Friday afternoon [12/02/2022]. In its most recent update, posted at 0826 Eastern Time on Tuesday [12/06/2022], Rackspace said it has now "determined this suspicious activity was the result of a ransomware incident," and has hired a "leading cyber defense firm to investigate."
The company hasn't yet determined what customer data was touched. "If we determine sensitive information was affected, we will notify customers as appropriate," it added.
(Excerpt) Read more at theregister.com ...
One would think that a large organization such as this would have absolutely the best cyber security around. But I’m not all that surprised. Many companies skimp on their security and hope they don’t get hit. It happens more than people realize.
Rackspace Hosted Exchange Outage Due to Security Incident
https://www.searchenginejournal.com/rackspace-hosted-exchange-outage-due-to-security-incident/473062/
Excerpted from that info:
These are the two most current vulnerabilities:
CVE-2022-41040
Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability
A Server Side Request Forgery (SSRF) attack allows a hacker to read and change data on the server.
CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
A Remote Code Execution Vulnerability is one in which an attacker is able to run malicious code on a server.
- - -
A recent Techcrunch article:
https://techcrunch.com/2022/12/06/rackspace-blames-ransomware-attack-for-ongoing-exchange-outage/
EXCERPT:
[S]ecurity researcher Kevin Beaumont believes the incident may involve exploitation of the Microsoft Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082, better known as ProxyNotShell. ProxyNotShell first came to light in late September after Vietnamese cybersecurity company GTSC observed it being exploited in the wild. Microsoft confirmed exploitation the following month and linked it to a state-sponsored hacker group.
Pretty much, if you're using Microsoft Exchange, you really don't give a crap about security. What a virus and worm magnet.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.