#sciencelogic — Public Fediverse posts on home.social

Kevin Beaumont @[email protected] · 2024-10-19 · 00:10 UTC

Previously on ScienceLogic - the time last year where they threatened legal action during a vulnerability report via MITRE. https://web.archive.org/web/20230816081531/https://www.securifera.com/blog/2023/08/16/sciencelogic-dumpster-fire/

#Rackspace #threatintel #ScienceLogic

#rackspace #threatintel #sciencelogic

Kevin Beaumont @[email protected] · 2024-10-19 · 00:04 UTC

A CVE has been allocated for the ScienceLogic ‘third party application’ zero day that lead to the Rackspace breach. CVE-2024-9537

Patches have been made available finally.

The articles for it are all behind a paywall on ScienceLogic portal.

The vulnerability description is an “unspecified vulnerability”.

Friday night dump.

#Rackspace #threatintel #ScienceLogic

#rackspace #threatintel #sciencelogic

Kevin Beaumont @[email protected] · 2024-10-04 · 22:33 UTC

I have a fun blog about the ScienceLogic situation due to drop on Monday entitled “ScienceLogic and their security vulnerability cover ups”. #Rackspace #threatintel #ScienceLogic

#rackspace #threatintel #sciencelogic

Kevin Beaumont @[email protected] · 2024-10-03 · 11:26 UTC

Does anybody know which third party application within ScienceLogic is the vulnerable one?

ScienceLogic are refusing to disclose, as are Rackspace, so it’s created this ridiculous situation where there’s an actively exploited zero day in the wild where there’s zero information on how to protect and detect.

My Signal address is in my profile.

#Rackspace #threatintel #ScienceLogic

#rackspace #threatintel #sciencelogic

Kevin Beaumont @[email protected] · 2024-10-02 · 21:50 UTC

PSA for ScienceLogic SL1 customers - go to the support portal and download and apply the security hotfix for the product.

They haven't told people to do this and haven't allocated a CVE and locked it behind a support paywall -- but there's an actively exploited zero day in the product they're trying to actively downplay. #Rackspace #threatintel #ScienceLogic

#rackspace #threatintel #sciencelogic

Pyrzout :vm: @[email protected] · 2024-10-02 · 18:55 UTC

Zero-Day Breach at Rackspace Sparks Vendor Blame Game https://www.securityweek.com/zero-day-breach-at-rackspace-sparks-vendor-blame-game/ #SupplyChainSecurity #DataBreaches #ScienceLogic #ransomware #Rackspace #Featured #ZeroDay #SL1

#supplychainsecurity #databreaches #sciencelogic #ransomware #rackspace #featured

Pyrzout :vm: @[email protected] · 2024-10-02 · 18:55 UTC

Zero-Day Breach at Rackspace Sparks Vendor Blame Game https://www.securityweek.com/zero-day-breach-at-rackspace-sparks-vendor-blame-game/ #SupplyChainSecurity #DataBreaches #ScienceLogic #ransomware #Rackspace #Featured #ZeroDay #SL1

#supplychainsecurity #databreaches #sciencelogic #ransomware #rackspace #featured

Kevin Beaumont @[email protected] · 2024-10-02 · 12:38 UTC

Sciencelogic have published a security update for ScienceLogic SL1 which fixes the zero day vulnerability.. but they’ve put it behind a paywall, haven’t told customers and haven’t issued a CVE. #Rackspace #threatintel #ScienceLogic

#rackspace #threatintel #sciencelogic