• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Personal Storage Table Files Accessed in Rackspace Attack

You are here: Home / General Cyber Security News / Personal Storage Table Files Accessed in Rackspace Attack
January 6, 2023

Rackspace has unveiled additional facts of a ransomware attack in December that brought on disruption for its Hosted Trade shoppers, claiming that risk actors accessed information that may have contained email messages, contacts and other facts.

The firm was struck by the Play variant at the begin of the thirty day period, forcing it to quickly suspend its Hosted Exchange surroundings.

In an update yesterday, the hosting big stated that of 30,000 consumers employing the setting at the time of the attack, 27 experienced their Individual Storage Table (PST) data accessed.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


A PST is a file applied by Microsoft packages to shop info which includes e-mail, calendar functions and contacts.

Nevertheless, Rackspace also sought to reassure these impacted customers with info from its IT forensics spouse CrowdStrike.

“We have previously communicated our results to these clients proactively, and importantly, according to CrowdStrike, there is no proof that the danger actor basically considered, attained, misused or disseminated e-mail or info in the PSTs for any of the 27 Hosted Exchange customers in any way,” it mentioned.

“Customers who had been not contacted immediately by the Rackspace staff can be certain that their PST knowledge was not accessed by the risk actor.”

The agency also revealed that the original entry vector for the Enjoy affiliate that compromised its surroundings was zero-day bug CVE-2022-41080. Patched by Microsoft in November, it is an elevation of privilege vulnerability in Exchange Server.

In accordance to CrowdStrike, the bug was exploited along with a person of the ProxyNotShell vulnerabilities (CVE-2022-41082) to obtain distant code execution through Outlook Web Accessibility (OWA).

“The new exploit system bypasses URL rewrite mitigations for the Autodiscover endpoint supplied by Microsoft in reaction to ProxyNotShell,” it explained.

Citing the exploration, Rackspace argued that preceding stories suggesting that ProxyNotShell alone was the “root cause” of the incident have been as a result inaccurate.

“Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not involve notes for [it] getting element of a distant code execution chain that was exploitable,” it stated.

Editorial credit history icon impression: T. Schneider / Shutterstock.com


Some parts of this short article are sourced from:
www.infosecurity-journal.com

Previous Post: «Cyber Security News Security Industry Hits Back with MegaCortex Decryptor
Next Post: Play ransomware gang behind recent cyber attack on Rackspace play ransomware gang behind recent cyber attack on rackspace»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace
  • Personal Storage Table Files Accessed in Rackspace Attack
  • Security Industry Hits Back with MegaCortex Decryptor

Copyright © TheCyberSecurity.News, All Rights Reserved.