September 27, 2023

Barracuda has warned its customers that some of its Email Security Gateway appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.

The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening. The issue was discovered on May 19 and fixed it with the release of two security patches on May 20 and 21.

The security flaw could have a significant impact because the impacted Email Security Gateway appliances are used by hundreds of thousands of organizations worldwide, including several high-profile businesses.

Advertisements

The bug doesn’t impact other Barracuda products and states that its SaaS email security services is not affected by this issue.

Barracuda investigated the flaw and discovered that it was exploited to target a subset of email gateway appliances. The company notified via the ESG user interface the customers whose appliances they believe were impacted.

Barracuda says that the investigation was limited to its ESG product and not the customers’ specific environment. Impacted organizations are recommended to review their networks to determine if other systems were compromised by the attackers.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: