Barracuda replaces malware-affected ESGs free of charge


Attackers recently exploited a vulnerability in Barracuda Email Security Gateways (ESG). In some cases, the attackers were able to place malware that remains active even after an update. Barracuda is notifying affected customers and is even replacing the ESGs free of charge.

In a statement, Barracuda explains the situation regarding the vulnerability in its Email Security Gateway (ESG). The vulnerability is described in detail under CVE-2023-2868, where the provided update is also recommended. In addition, security specialist Mandiant investigated the incident and wrote an interesting blog post. In it, Mandiant describes how the vulnerability was exploited and reports that it has discovered some links to China.

UI notification

According to Barracuda, approximately 5 percent of active ESG appliances worldwide are affected by the vulnerability. Barracuda keeps an eye on the traffic of many ESGs. Even with the new update in place, anomalies were found on some devices that indicate a malware infection. For these devices, Barracuda uses the user interface to tell the owner to contact support. Support will advise the owner and help replace the ESG in use. In this case, the replacement is even free of charge. Anyone who has not received a notification from Barracuda can relax: they should not be among those affected.

As part of the investigation, Mandiant has identified a suspected China Nexus actor, currently known as UNC4841, targeting a subset of the Barracuda ESG Appliances to use as a vector for attacks against specific organizations and individuals. Mandiant believes there is a high probability that UNC4841 is the actor behind this targeted campaign, which is working in support of the People's Republic of China.

Many tracks lead to China

If customers have questions about the vulnerability or incident, they should contact [email protected]. However, Barracuda notes that the investigation is not yet complete.

More at Barracuda.com

 


About Barracuda Networks

Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150,000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.


 
