Re: [mailop] RackSpace Security Issue

[Emil Stahl Pedersen via mailop]

Update:

We appreciate your patience as we continue to work through the security issues 
that have affected our Hosted Exchange environment. As you know, on Friday, 
December 2nd, 2022, we became aware of suspicious activity and immediately took 
proactive measures to isolate the Hosted Exchange environment to contain the 
incident. We have since determined this suspicious activity was the result of a 
ransomware incident.

Alongside our internal security team, we have engaged a leading cyber defense 
firm to investigate. Our investigation is still in its early stages, and it is 
too early to say what, if any, data was affected. If we determine sensitive 
information was affected, we will notify customers as appropriate.

Based on the investigation to date, we believe that this incident was isolated 
to our Hosted Exchange business. The Company's other products and services are 
fully operational, and we have not experienced any impact to our Rackspace 
Email product line and platform. Out of an abundance of caution, we have put 
additional security measures in place and will continue to actively monitor for 
any suspicious activity.

https://www.bleepingcomputer.com/news/security/rackspace-confirms-outage-was-caused-by-ransomware-attack/

https://status.apps.rackspace.com/index/viewincidents?group=2


/ Emil Stahl Pedersen
Systems Engineer
Office: +45 70 40 00 00

emil.st...@team.blue<mailto:emil.st...@team.blue>

Operations Linux
team.blue Denmark A/S
H?jvangen 4
8660 Skanderborg
Denmark
CVR: 29412006

[cid:team.blue-color-rgb-small-mail-signature_78509216-de0a-4033-a847-aa8f4610dc1b.png]


From: mailop  on behalf of William Kern via mailop 

Date: Monday, 5 December 2022 at 23.17
To: mailop@mailop.org 
Subject: Re: [mailop] RackSpace Security Issue

thanks all,

It seems we will all have to wait for the after action report to find out what 
really happened and what are the consequences.

In the meantime, we can only express best wishes to the poor sysadmins at 
Rackspace who are not having a good weekend/week.

-bill
On 12/5/2022 1:22 PM, Louis Laureys via mailop wrote:

This is the only thing I came across:
https://cyberplace.social/@GossiTheDog/109446533829121659

Louis

Op maandag 5 december 2022 om 19:50, schreef William Kern via mailop:

I was contacted by a website customer over the weekend, who is affected by the 
RackSpace Exchange "security issue".

At this point, they are transitioning to O365 so they should be fine going 
forward, but aside from email interruption they are not sure how they are 
affected.

Their main concern is email disclosure.

I'm trying to 'google' around but most of what I am finding are 'Rackspace is 
down' and complaints they aren't saying much.

Does anyway have additional info?

Since I also have customers who run their own Exchange servers, I'm curious if 
there is some new exploit out there, that they should be worried about.

Sincerely

William "Bill" Kern

PixelGate Networks.

___
mailop mailing list
mailop@mailop.org<mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop



___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] RackSpace Security Issue

[Robert Schoneman via mailop]

Kevin’s full article goes in to some more detail about the possibility 
Rackspace Cloud Office suffers security breach | by Kevin Beaumont | Dec, 2022 
| 
DoublePulsar<https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f>

From: mailop  On Behalf Of William Kern via mailop
Sent: Monday, December 5, 2022 5:11 PM
To: mailop@mailop.org
Subject: Re: [mailop] RackSpace Security Issue

thanks all, It seems we will all have to wait for the after action report to 
find out what really happened and what are the consequences. In the meantime, 
we can only express best wishes to the poor s
[cid:image001.png@01D908CE.0ED0F240]
External (mailop@mailop.org<mailto:mailop@mailop.org>)
[cid:image002.png@01D908CE.0ED0F240]
  Report This 
Email<https://protection.inkyphishfence.com/report?id=Ymx1bWVudGhhbC9yc2Nob25lbWFuQGJsdW1lbnRoYWxhcnRzLm9yZy8wNmEyZDA5MDI4YzQyMjkwZDhhZDY5YTA4ZDllZjI4Yy8xNjcwMjc4MzA3LjU1#key=1796581ff0b84ab2fa6006a92346c96e>
  FAQ<https://www.inky.com/banner-faq>  Protection by 
INKY<https://www.inky.com/protection-by-inky>


thanks all,

It seems we will all have to wait for the after action report to find out what 
really happened and what are the consequences.

In the meantime, we can only express best wishes to the poor sysadmins at 
Rackspace who are not having a good weekend/week.

-bill
On 12/5/2022 1:22 PM, Louis Laureys via mailop wrote:

This is the only thing I came across:
https://cyberplace.social/@GossiTheDog/109446533829121659

Louis

Op maandag 5 december 2022 om 19:50, schreef William Kern via mailop:

I was contacted by a website customer over the weekend, who is affected by the 
RackSpace Exchange "security issue".

At this point, they are transitioning to O365 so they should be fine going 
forward, but aside from email interruption they are not sure how they are 
affected.

Their main concern is email disclosure.

I'm trying to 'google' around but most of what I am finding are 'Rackspace is 
down' and complaints they aren't saying much.

Does anyway have additional info?

Since I also have customers who run their own Exchange servers, I'm curious if 
there is some new exploit out there, that they should be worried about.

Sincerely

William "Bill" Kern

PixelGate Networks.

___
mailop mailing list
mailop@mailop.org<mailto:mailop@mailop.org>
https://list.mailop.org/listinfo/mailop



___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] RackSpace Security Issue

[William Kern via mailop]

thanks all,

It seems we will all have to wait for the after action report to find 
out what really happened and what are the consequences.


In the meantime, we can only express best wishes to the poor sysadmins 
at Rackspace who are not having a good weekend/week.


-bill

On 12/5/2022 1:22 PM, Louis Laureys via mailop wrote:


This is the only thing I came across:
https://cyberplace.social/@GossiTheDog/109446533829121659

Louis

Op maandag 5 december 2022 om 19:50, schreef William Kern via mailop:

I was contacted by a website customer over the weekend, who is
affected by the RackSpace Exchange "security issue".

At this point, they are transitioning to O365 so they should be
fine going forward, but aside from email interruption they are not
sure how they are affected.

Their main concern is email disclosure.

I'm trying to 'google' around but most of what I am finding are
'Rackspace is down' and complaints they aren't saying much.

Does anyway have additional info?

Since I also have customers who run their own Exchange servers,
I'm curious if there is some new exploit out there, that they
should be worried about.

Sincerely

William "Bill" Kern

PixelGate Networks.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] RackSpace Security Issue

[Louis Laureys via mailop]

This is the only thing I came across:
https://cyberplace.social/@GossiTheDog/109446533829121659


Louis


Op maandag 5 december 2022 om 19:50, schreef William Kern via mailop:

> I was contacted by a website customer over the weekend, who is affected by the
> RackSpace Exchange "security issue".
> 
> At this point, they are transitioning to O365 so they should be fine going
> forward, but aside from email interruption they are not sure how they are
> affected.
> 
> Their main concern is email disclosure.
> 
> I'm trying to 'google' around but most of what I am finding are 'Rackspace is
> down' and complaints they aren't saying much.
> 
> Does anyway have additional info?
> 
> Since I also have customers who run their own Exchange servers, I'm curious if
> there is some new exploit out there, that they should be worried about.
> 
> Sincerely
> 
> William "Bill" Kern
> 
> PixelGate Networks.
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> [https://list.mailop.org/listinfo/mailop]___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] RackSpace Security Issue

[Richard via mailop]

> Date: Monday, December 05, 2022 10:50:48 -0800
> From: William Kern 
>
> I was contacted by a website customer over the weekend, who is
> affected by the RackSpace Exchange "security issue".
> 
> At this point, they are transitioning to O365 so they should be
> fine going forward, but aside from email interruption they are not
> sure how they are affected.
> 
> Their main concern is email disclosure.
> 
> I'm trying to 'google' around but most of what I am finding are
> 'Rackspace is down' and complaints they aren't saying much.
> 
> Does anyway have additional info?
> 
> Since I also have customers who run their own Exchange servers, I'm
> curious if there is some new exploit out there, that they should be
> worried about.
> 
> Sincerely
> 

See their status page:



for hints, such as they are. They have been updating that page every
12 to 24 hours.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop