Best Top Reviews Online

Rackspace Confirms Play Ransomware Gang Was Behind Recent Breach

Cloud services provider Rackspace confirmed on Thursday that the Play ransomware gang was responsible for the breach last month.

The security incident that occurred on 2 December 2022 exploited a previously unknown security flaw to gain initial access to the Rackspace Hosted Exchange email environment.

“CVE-2022-41080 is associated with this zero-day exploit,” the Texas-based company said. “Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability without noting that it was part of an exploitable remote code execution chain.”

Rackspace’s forensic investigation revealed that the threat actor accessed the Personal Storage Table (.PST) files of 27 out of nearly 30,000 customers on the Hosted Exchange email platform.

However, according to the company, there is no evidence that the adversary viewed, abused, or distributed emails or data from the customer’s storage folders. As part of a planned migration to Microsoft 365, it stated that it intends to retire its Hosted Exchange platform.

It is currently unknown whether Rackspace paid a ransom to the cybercriminals, but the disclosure follows a report from CrowdStrike last month that shed light on the Play ransomware actors’ new technique, dubbed OWASSRF.

The mechanism targets Exchange servers that have URL rewrite mitigations for the Autodiscover endpoint but are unpatched for the ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

This involves an exploit chain consisting of CVE-2022-41080 and CVE-2022-41082 to bypass the blocking rules for remote code execution via Outlook Web Access (OWA). Microsoft addressed the vulnerabilities in November 2022.

In a statement provided to The Hacker News, Microsoft urged customers to prioritize the installation of its November 2022 Exchange Server updates and noted that the reported method targets vulnerable systems that have not received the latest patches.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Apple Introduces A New Security Research Website

October 28, 2022

Apple Security Research is a new website dedicated to improving the methods available to security researchers for reporting issues to Apple. The website provides tools for sending Apple security reports, receiving real-time status updates, and contacting Apple engineers. In addition…

Get more info

Deals

Reviews

Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer

BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.

 

Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.