Quick Hits

Threat Actors Compromise Barracuda Email Security Appliances

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

Email and network security solutions company Barracuda Networks is warning customers that threat actors have targeted its email security gateway (ESG) appliances for compromise, by way of an email attachment scanning module.

The issue, discovered on May 19, has since been addressed through two security patches applied worldwide on May 20 and 21, though Barracuda still warned its customers on May 23 that some of the ESG appliances remain compromised. In its investigation, the company found that the vulnerability "resulted in unauthorized access to a subset of email gateway appliances," though its other products, such as the software-as-a-service (SaaS) email security services, were not affected.

Because the investigation was limited specifically to the ESG, the company encourages those that have been affected to assess their network environments to ensure that their other devices on the network have not also been compromised.

Barracuda continues to monitor the situation and users who have been impacted have been notified through ESG appliances of what their next steps should be.

"If a customer has not received notice from us via the ESG user interface," the company said, "we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take."

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading