Cyber Security

Barracuda Urges Immediate Replacement of Hacked ESG Appliances

Jun 08, 2023Ravie LakshmananEmail Security / Vulnerability

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them.

“Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company said in an update, adding its “remediation recommendation at this time is full replacement of the impacted ESG.”

The latest development comes as Barracuda disclosed that a critical flaw in the devices (CVE-2023-2868, CVSS score: 9.8) has been exploited as a zero-day for at least seven months since October 2022 to deliver bespoke malware and steal data.

The vulnerability concerns a case of remote code injection affecting versions through that stems from an incomplete validation of attachments contained within incoming emails. It was addressed on May 20 and May 21, 2023.

The three different malware families discovered to date come with capabilities to upload or download arbitrary files, execute commands, set up persistence, and establish reverse shells to an actor-controlled server.

The exact scope of the incident still remains unknown. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recommended that federal agencies apply the fixes by June 16, 2023.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

FTC and 17 states sue Amazon on antitrust charges
Big Screens, Bigger Savings: Dive Into Croma’s 55-Inch TV Discounts Now!
Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
Meta Used Public Instagram, Facebook Posts to Train Its New AI Assistant
Microsoft is Rolling out Support for Passkeys in Windows 11