October 2, 2023

The ACT Government is currently responding to a security breach that has affected Barracuda, an e-mail gateway system that supports some ACT Government ICT systems.

Barracuda has initially identified the CVE-2023-2838 vulnerability on 19 May issuing a first patch on 20 May and a second patch on 21 May. A few days later, on 30 May, the vendor revealed the earliest identified evidence of exploitation took place in October 2022.

Barracuda posted a warning that impacted appliances must be replaced immediately. The vulnerability existed in a module which initially screens the attachments of incoming emails.

Advertisements

Upon detection of the vulnerability the ACT Cyber Security Centre immediately completed a rebuild of the impacted Barracuda system to eliminate any ongoing vulnerability,

“The investigation has now identified that a breach has occurred, and a harms assessment is underway to fully understand the impact specific to our systems, and importantly to the data that may have been accessed.”

ACT Statement

ACT government is confident that actions taken to date have contained the breach and that there is no ongoing threat, and instructed citizens can continue to use ACT Government online systems with confidence.

The ACT government is working with the Australian Cyber Security Centre and Barracuda Networks on the ongoing investigation.

Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: