Threat Actors Compromise Barracuda Email Security Appliances
The company's ESG appliances were breached, but their other services remain unaffected by the compromise.
Email and network security solutions company Barracuda Networks is warning customers that threat actors have targeted its email security gateway (ESG) appliances for compromise, by way of an email attachment scanning module.
The issue, discovered on May 19, has since been addressed through two security patches applied worldwide on May 20 and 21, though Barracuda still warned its customers on May 23 that some of the ESG appliances remain compromised. In its investigation, the company found that the vulnerability "resulted in unauthorized access to a subset of email gateway appliances," though its other products, such as the software-as-a-service (SaaS) email security services, were not affected.
Because the investigation was limited specifically to the ESG, the company encourages those that have been affected to assess their network environments to ensure that their other devices on the network have not also been compromised.
Barracuda continues to monitor the situation and users who have been impacted have been notified through ESG appliances of what their next steps should be.
"If a customer has not received notice from us via the ESG user interface," the company said, "we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024