[Image: The Barracuda Email Security Gateway (ESG) 900 appliance.]

Campbell, Calif.-based Barracuda said it hired incident response firm Mandiant on May 18 after receiving reports about unusual traffic originating from its Email Security Gateway (ESG) devices, which are designed to sit at the edge of an organization’s network and scan all incoming and outgoing email for malware.

On May 19, Barracuda identified that the malicious traffic was taking advantage of a previously unknown vulnerability in its ESG appliances, and on May 20 the company pushed a patch for the flaw to all affected appliances (CVE-2023-2868).

In its security advisory, Barracuda said the vulnerability existed in the Barracuda software component responsible for screening attachments for malware. More alarmingly, the company said it appears attackers first started exploiting the flaw in October 2022.

But on June 6, Barracuda suddenly began urging its ESG customers to wholesale rip out and replace - not patch - affected appliances.

“Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company’s advisory warned. “Barracuda’s recommendation at this time is full replacement of the impacted ESG.”

In a statement, Barracuda said it will be providing the replacement product to impacted customers at no cost, and that not all ESG appliances were compromised.

“No other Barracuda product, including our SaaS email solutions, were impacted by this vulnerability,” the company said. “If an ESG appliance is displaying a notification in the User Interface, the ESG appliance had indicators of compromise. If no notification is displayed, we have no reason to believe that the appliance has been compromised at this time.”

Nevertheless, the statement says that “out of an abundance of caution and in furtherance of our containment strategy, we recommend impacted customers replace their compromised appliance.”

“As of June 8, 2023, approximately 5% of active ESG appliances worldwide have shown any evidence of known indicators of compromise due to the vulnerability,” the statement continues. “Despite deployment of additional patches based on known IOCs, we continue to see evidence of ongoing malware activity on a subset of the compromised appliances. Therefore, we would like customers to replace any compromised appliance with a new unaffected device.”

Rapid7’s Caitlin Condon called this remarkable turn of events “fairly stunning,” and said there appear to be roughly 11,000 vulnerable ESG devices still connected to the Internet worldwide.