
Barracuda Networks calls for the replacement of compromised ESG equipment

Following a security breach, the company detects a zero-day attack and prompts immediate customer response to prevent further damage


Barracuda Networks has urged its customers to promptly replace their compromised Email Security Gateway (ESG) appliances, regardless of whether all available patches have been installed. The company identified targeted attacks on its ESG products on May 18. Within a day, it determined that the attacks exploited a zero-day vulnerability (CVE-2023-2868) and immediately began preparing patches and scripts to mitigate the attack, which it released shortly afterwards.

The first countermeasures

Barracuda's initial recommendations for affected customers included ensuring their devices received all security updates, definitions, and patches. Simultaneously, the company instructed customers to stop using the compromised devices and contact its support team to receive a new ESG appliance.

Further action required

On June 6, Barracuda issued a 'notice to action' urging affected customers to replace their equipment immediately, regardless of its patch level. This suggests that updates alone may not be sufficient to remediate compromised systems. "If you have not replaced your equipment after receiving an alert in your UI, contact support now," Barracuda said, recommending complete replacement of the compromised ESG as the remedy at this time.

Vulnerability investigation details

An investigation by Barracuda, conducted with assistance from Mandiant, revealed that the vulnerability had been exploited since at least October 2022. CVE-2023-2868 is a remote command injection issue affecting a module responsible for the initial screening of email attachments. Information shared by the company so far indicates that threat actors delivered malware to a subset of appliances and used it to exfiltrate data. Three malware families were discovered on the compromised Barracuda devices, named SaltWater, SeaSpy and SeaSide. SaltWater allows attackers to upload and download files, execute arbitrary commands, and use the appliance for proxying or tunneling. SeaSpy provides backdoor functionality, while SeaSide is used to receive command and control (C&C) information and to establish a reverse shell. Barracuda shared indicators of compromise (IoCs) for endpoints and networks, along with YARA rules that can be used for threat hunting.
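As an added illustration of the kind of threat hunting the shared IoCs enable (this is not code from Barracuda, Mandiant, or this page), the following script checks constructed log lines against a placeholder IoC list grouped by indicator type. Every indicator value, file path, and log line below is invented for the example, because the page does not reproduce Barracuda's actual IoCs; the `hunt` and `extract_candidates` function names are likewise this example's own.

```python
# Added example (not Barracuda's or Mandiant's code): a minimal threat-hunting
# pass that checks constructed log lines against an IoC list of the kind a
# vendor advisory publishes. All IoC values and log lines are PLACEHOLDERS
# constructed for this example, not real indicators.
import re
from typing import Dict, List

# Hypothetical IoC list grouped by indicator type (placeholder values only).
IOCS: Dict[str, set] = {
    "ip": {"192.0.2.10", "198.51.100.23"},      # documentation ranges, constructed
    "sha256": {"0" * 64, "f" * 64},              # placeholder hashes
    "path": {"/tmp/placeholder-backdoor.so"},    # placeholder file path
}

# Tokenisers for the three indicator types we know how to extract.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
PATH_RE = re.compile(r"(?<![\w/])/[\w./-]+")


def extract_candidates(line: str) -> Dict[str, List[str]]:
    """Pull out every token in a log line that could be an indicator."""
    return {
        "ip": IP_RE.findall(line),
        "sha256": [h.lower() for h in SHA256_RE.findall(line)],
        "path": PATH_RE.findall(line),
    }


def hunt(lines: List[str], iocs: Dict[str, set] = IOCS) -> List[dict]:
    """Return one record per log line that contains at least one IoC hit."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        found = extract_candidates(line)
        matched = {}
        for kind, candidates in found.items():
            common = set(candidates) & iocs.get(kind, set())
            if common:
                matched[kind] = sorted(common)
        if matched:
            hits.append({"line": lineno, "matches": matched, "text": line})
    return hits


# Constructed sample log: a handful of appliance-style events, one of which
# references each placeholder indicator type.
SAMPLE_LOG = [
    "2023-05-18T10:01:12 smtpd: connection from 203.0.113.5",
    "2023-05-18T10:01:15 attachment-scan: wrote /tmp/placeholder-backdoor.so",
    "2023-05-18T10:02:40 outbound: connect 192.0.2.10:443",
    "2023-05-18T10:03:01 integrity: sha256 " + "f" * 64 + " /usr/local/bin/agent",
    "2023-05-18T10:04:00 smtpd: message delivered",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['matches']}")
```

Running the script reports hits on the second, third and fourth sample lines (path, IP and hash respectively); in practice the IoC list would be loaded from the vendor's published indicators and the matcher run over exported appliance logs, with YARA applied separately to any recovered files.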


06/08/2023 08:35

Editorial AI
