Cybersecurity

Barracuda Urges Immediate Replacement of Hacked ESG Equipment


June 08, 2023Ravie LakshmananEmail Security / Vulnerabilities

Enterprise security firm Barracuda is now urging customers affected by a recently uncovered zero-day error in Email Security Gateway (ESG) equipment to replace it immediately.

“Affected ESG equipment should be replaced immediately regardless of patch version level,” the company said said in an update, adding “the current remediation recommendation is full replacement of the affected ESG.”

The latest development comes as Barracuda discloses that a critical device flaw (CVE-2023-2868, CVSS score: 9.8) has been exploited as day zero for at least seven months since October 2022 to deliver bespoke malware and steal data.

Cyber ​​security

The vulnerability concerns a case of remote code injection affecting versions 5.1.3.001 to 9.2.0.006 originating from incomplete validation of attachments contained in incoming emails. It is aimed at May 20 and May 21, 2023.

The three different malware families discovered to date come with the ability to upload or download arbitrary files, execute commands, set persistence, and create a reverse shell to an actor-controlled server.

The exact scope of the incident is still unknown. The US Cybersecurity and Infrastructure Agency (CISA) has recommended that federal agencies implement the fix by June 16, 2023.

Found this article interesting? Follow us on Twitter And LinkedIn to read more exclusive content we post.





Source link

Related Articles

Back to top button