May 31, 2023

Barracuda has warned its customers that some of its Email Security Gateway appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.

The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening. The issue was discovered on May 19 and fixed it with the release of two security patches on May 20 and 21.

The security flaw could have a significant impact because the impacted Email Security Gateway appliances are used by hundreds of thousands of organizations worldwide, including several high-profile businesses.

Advertisements

The bug doesn’t impact other Barracuda products and states that its SaaS email security services is not affected by this issue.

Barracuda investigated the flaw and discovered that it was exploited to target a subset of email gateway appliances. The company notified via the ESG user interface the customers whose appliances they believe were impacted.

Barracuda says that the investigation was limited to its ESG product and not the customers’ specific environment. Impacted organizations are recommended to review their networks to determine if other systems were compromised by the attackers.

Tags:

Leave a Reply

You may have missed

Mirai Bots Targeting IoT Devices

Mirai Bots Targeting IoT Devices

May 30, 2023
Watering hole attack from Tortoiseshell group

Watering hole attack from Tortoiseshell group

May 29, 2023
New TLD Based Phishing Campaign

New TLD Based Phishing Campaign

May 29, 2023
CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
%d bloggers like this: