Barracuda warns of email gateways breached via zero-day flaw

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway (ESG) appliances were breached last week in attacks targeting a now-patched zero-day vulnerability.

On Friday, May 19, a vulnerability was discovered in the email attachment scanning module. The issue was addressed by applying two security patches on May 20 and 21.

While the flaw was patched over the weekend, Barracuda warned on Tuesday that some of its customers’ ESG appliances were compromised through exploitation of the now-patched security bug.

“Based on our investigation to date, we’ve identified that the vulnerability resulted in unauthorized access to a subset of email gateway appliances,” the company said.

“Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take. Barracuda has also reached out to these specific customers.”

The company’s other products, including SaaS email security services, were unaffected by this vulnerability.

Customers asked to check networks for intrusions

Barracuda said the investigation was limited to its ESG product and not the customers’ corporate networks. Therefore, the company advises impacted organizations to review their environments to confirm the threat actors did not spread to other devices on the network.

“If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take,” Barracuda told BleepingComputer.

A spokesperson for Barracuda didn’t reply to a subsequent email asking for more details regarding the number of affected customers or if their data was impacted after their ESG appliances were breached.

Today, Barracuda also addressed a login issue affecting Email Gateway Defense (EGD) appliances and a buggy spam scoring rule that led to customer emails being blocked incorrectly.

Barracuda says its enterprise-grade security solutions are now used by over 200,000 organizations worldwide, including Samsung, Mitsubishi, Kraft Heinz, Delta Airlines, and other high-profile companies.

