A critical Barracuda security backdoor has been exploited for months, so patch now

By Mobile Malls, May 31, 2023

Hackers have been exploiting a zero-day vulnerability in a Barracuda Networks product for several months to target numerous organizations with several pieces of malware, reports have claimed.

The company said it has patched a critical vulnerability tracked as CVE-2023-2868, which had been used by threat actors since October 2022. The email software in question is the Barracuda Email Security Gateway (ESG), with versions 5.1.3.001 through 9.2.0.006 being vulnerable.

"Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take," the company said in a security advisory. "Barracuda has also reached out to these specific customers. Additional customers may be identified in the course of the investigation."

Three malware families

So far, Barracuda says it has observed three malware families being distributed through the zero-day: Saltwater, Seaside, and Seaspy. The first allows threat actors to download and upload files and run commands, among other things. Seaside is a persistence backdoor, while the last is used to obtain a C2 IP address and port to establish a reverse shell.

To make sure your organization is protected, you should do the following:

- Update your ESG appliance, and make sure it is regularly patched
- Stop using the compromised ESG appliance
- Rotate ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates.

The company also invites all clients who believe they may have been targeted to reach out to support via [email protected].

Finally, organizations should review their network logs and look for potential indicators of compromise or unknown IP addresses.
According to the National Vulnerability Database, the flaw is a remote command injection vulnerability arising because the appliance fails to comprehensively sanitize the processing of .tar files (tape archives). In other words, formatting file names in a particular way allows the attackers to execute system commands.
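As an added example (not code from the article or from Barracuda), a small defensive check in Python that reads a tar archive without extracting anything and flags member names that carry shell metacharacters or unsafe paths, the kind of input the flaw described above concerns. The sample archive and its member names are constructed inline.

```python
import io
import re
import tarfile

# Characters with special meaning to a POSIX shell. A tar member name
# containing any of them is a red flag when the archive is headed for a
# processing pipeline that hands file names to a command interpreter.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\\'\"]")


def audit_tar_member_names(data: bytes) -> list[str]:
    """Return findings for member names in `data` (a tar archive held in
    memory) that contain shell metacharacters, absolute paths, or path
    traversal. Nothing is extracted or executed; the archive is only read."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name
            if SHELL_META.search(name):
                findings.append(f"shell metacharacter in name: {name!r}")
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"unsafe path in name: {name!r}")
    return findings


def build_sample_tar() -> bytes:
    """Constructed sample archive: one benign member and two crafted names
    (no real payloads, just the characters a checker should catch)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in [
            ("docs/report.pdf", b"%PDF-1.4 sample"),
            ("quarterly;report.txt", b"sample"),  # ';' ends a shell word
            ("../etc/sample.conf", b"sample"),    # traversal out of the tree
        ]:
            info = tarfile.TarInfo(name=name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_tar_member_names(build_sample_tar()):
        print(finding)
```

Run the same check over archives seen in mail-gateway logs or quarantine stores to spot crafted attachments, and refuse to process any archive that produces a finding.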