Rackspace say there is a zero day in ScienceLogic EM7, which has been exploited inside Rackspace.
https://x.com/ynezzor/status/1839931641172467907
Rackspace outage report from 24th September 2024 (doesn't mention a security incident): https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
ScienceLogic haven't got anything on their support site about a new vulnerability.
The #Rackspace outage link says the incident is ongoing #threatintel
The Register has picked up this story.
Sciencelogic say the vulnerability is in a third party software library and no CVE has been issued, and they’re declining to name the library.
One to watch. Smells of dead bodies in cupboards. https://www.theregister.com/2024/09/30/rackspace_zero_day_attack/
@GossiTheDog why do i have the feeling it is either python or javascript?
Sciencelogic have published a security update for ScienceLogic SL1 which fixes the zero day vulnerability.. but they’ve put it behind a paywall, haven’t told customers and haven’t issued a CVE. #Rackspace #threatintel #ScienceLogic
PSA for ScienceLogic SL1 customers - go to the support portal and download and apply the security hotfix for the product.
They haven't told people to do this and haven't allocated a CVE and locked it behind a support paywall -- but there's an actively exploited zero day in the product they're trying to actively downplay. #Rackspace #threatintel #ScienceLogic
Does anybody know which third party application within ScienceLogic is the vulnerable one?
ScienceLogic are refusing to disclose, as are Rackspace, so it’s created this ridiculous situation where there’s an actively exploited zero day in the wild where there’s zero information on how to protect and detect.
My Signal address is in my profile.
I have a fun blog about the ScienceLogic situation due to drop on Monday entitled “ScienceLogic and their security vulnerability cover ups”. #Rackspace #threatintel #ScienceLogic
A CVE has been allocated for the ScienceLogic ‘third party application’ zero day that lead to the Rackspace breach. CVE-2024-9537
Patches have been made available finally.
The articles for it are all behind a paywall on ScienceLogic portal.
The vulnerability description is an “unspecified vulnerability”.
Friday night dump.
Previously on ScienceLogic - the time where they threatened legal action during a vulnerability report via MITRE. https://web.archive.org/web/20230816081531/https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/
Aside from having one of the worst vulnerability disclosure processes from any vendor, ScienceLogic also now has a CVE allocated by... CISA.
Maybe they can make legal threats to the USG this time... or hire some security people.