This week, Rackspace finally made an announcement about the security incident that occurred in December. While Rackspace was pointing the finger at Microsoft, some users didn’t find the announcement satisfying. Also this week, the Federal Communications Commission proposed to update data breach reporting to address security breaches in the telecom industry. The FCC chairwoman stated that the current rules are 15 years old. There were two important acquisitions this week. Hivelocity acquired network infrastructure solutions and cloud provider, Heficed and Microsoft acquired DPU provider Fungible.
Rackspace points the finger at Microsoft
Rackspace Technology is blaming Microsoft Exchange Server vulnerability for the recent security incident affecting its services. Rackspace finally completed the forensic investigation and shared information broadly about the root cause. The company claimed that the Play ransomware gang was responsible for the attack and that it was a zero-day exploit associated with CVE-2022-41080. In the announcement, the company said that Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a Remote Code Execution chain that was exploitable.
Ukraine needs at least $1.79 billion to restore its telecommunications sector
International Telecommunication Union published a report about Ukraine’s destroyed or seized networks during the invasion. According to the report, the country needs at least $1.79 billion to repair its telecommunications infrastructure. The report only covers the first six months of the war and discovered considerable damage and destruction to communications infrastructure in 10 regions. The agency was commissioned in April to assess the impact of networks that are destroyed completely or seized in Ukraine.
FCC to update data breach reporting requirements
The Federal Communications Commission launched a proceeding, named FCC Proposes Updated Data Breach Reporting To Address Security Breaches in Telecom Industry, to strengthen the rules for notifying of data breaches. The commission aims to align its rules better with the recent developments in federal and state data breach laws covering other sectors. The Notice of Proposed Rulemaking adopted by a unanimous vote of the full Commission will launch a formal proceeding to gather information on the issue. With the proposal, the FCC also aims to eliminate the current seven business day mandatory waiting period for notifying customers of a breach.
Hivelocity acquires Heficed
Hivelocity announced the acquisition of UK-based Heficed. With the agreement, Heficed, its customers, select staff, and their data center locations will all fold into the Hivelocity brand. Hivelocity stated that although things are changing, any effects on existing Heficed customers’ services during this transition will be kept to a minimum. Hivelocity will now have three new data center locations for its clients to deploy bare metal from São Paulo, BR, Johannesburg, ZA, and Lagos, NG.
Critical Control Web Panel vulnerability abused by hackers
Control Web Panel (CWP), also known as CentOS Web Panel, has recently been targeted by hackers trying to abuse the bug with a severity score of 9.8. The previously patched vulnerability is being targeted by attackers again, at around the same time as last year when a similar incident occurred. The vulnerability allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. The bug impacts all versions of the software before version 0.9.8.1147 and was spotted and patched by Numan Türle of Gais Security.
Microsoft announced the Fungible acquisition
Microsoft has officially confirmed the acquisition of Fungible, a provider of composable infrastructure to accelerate data centers’ networking and storage performance with high-efficiency, low-power data processing units. With the acquisition, the Fungible team will join Microsoft’s data center infrastructure engineering teams. The team will focus on delivering multiple DPU solutions, network innovation, and hardware systems advancements. Although Microsoft didn’t disclose the details of the acquisition, various online news sources claim that the price was approximately $190 million.
Intel’s 4th Gen Xeon “Sapphire Rapids” chips are now available
Intel‘s new 4th Gen Xeon Scalable processors, also known as Sapphire Rapids, are now available. The 4th Gen Xeon Scalable processors, making the optimal use of CPU resources, are known as Intel’s most sustainable data center processors as of now. When using built-in accelerators, 4th Gen Intel Xeon customers can anticipate an increase in performance per watt of 2.9x on average for targeted workloads, up to 70 watts in power savings per CPU in optimized power mode with little performance loss, and a 52% to 66% lower TCO when compared to prior generations.