Subj : Barracuda now says you'll have to replace your ESG device right a
To   : All
From : TechnologyDaily
Date : Thu Jun 08 2023 13:15:03

Barracuda now says you'll have to replace your ESG device right away

Date:
Thu, 08 Jun 2023 12:00:05 +0000

Description:
A high-severity flaw has forced Barracuda to make a radical move and tell 
clients to replace affected ESG fast.

FULL STORY
======================================================================

Barracuda has announced that its vulnerable Email Security Gateway (ESG) 
appliances should now be replaced immediately. 

Despite releasing a patch for a high-severity zero-day vulnerability found 
roughly a week ago, the email and network security firm's new advice suggests 
that affected devices are in fact beyond help. 

The company updated its initial security advisory earlier this week to: 
"Impacted ESG appliances must be immediately replaced regardless of patch 
version level... Barracuda's remediation recommendation at this time is full 
replacement of the impacted ESG." Three malware families 

The company also says that it has notified all affected customers already. 
Those who are yet to replace their gear should contact the company via 
support@barracuda.com as soon as possible. 

Early last week, reports circulated of hackers exploiting a zero-day 
vulnerability in Barracudas ESGs over several months, targeting countless 
organizations with different malware. The zero-day is tracked as 
CVE-2023-2868, found in ESGs versions between 5.1.3.001 and 9.2.0.006. Read 
more 

> A critical Barracuda security backdoor has been exploited for months, so 
patch now 


 > That Dropbox link in your inbox could be a scam 


 > Check out the best endpoint protection solutions right now 

According to the National Vulnerability Database, the flaw is a remote 
command injection vulnerability arising as the appliance fails to 
comprehensively sanitize the processing of .tar files (tape archives). In 
other words, formatting file names in a specific way allows the attackers to 
execute system commands. 

Initially, Barracuda said it spotted three malware families being distributed 
via the zero-day: Saltwater, Seaside, and Seaspy. These three allow threat 
actors to download and upload files, run commands, establish persistence, and 
establish a reverse shell. 

The patch was published on May 20. Advise to Affected businesses included 
rotating ESG appliance credentials where possible, including any connected 
LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS 
certificates. 

More than 200,000 organizations are using Barracudas products, the company 
claims. Some of its clients include Samsung, Delta Airlines, Mitsubishi, and 
others. These are the best malware removal tools today 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/barracuda-now-says-youll-have-to-replace-your-e
sg-device-right-away


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.