A critical Barracuda security backdoor has been exploited for months, so patch now
By Mobile Malls, May 31, 2023

Hackers have been exploiting a zero-day vulnerability in a Barracuda Networks product for several months to target numerous organizations with multiple pieces of malware, reports have claimed. The company said it has patched a critical vulnerability, tracked as CVE-2023-2868, which had been used by threat actors since October 2022. The email software in question is Barracuda Email Security Gateway (ESG), with versions between 5.1.3.001 and 9.2.0.006 being vulnerable.

"Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take," the company said in a security advisory. "Barracuda has also reached out to these specific customers. Additional customers may be identified in the course of the investigation."

Three malware families

So far, Barracuda says it has observed three malware families being distributed through the zero-day: Saltwater, Seaside, and Seaspy. The first allows threat actors to download and upload files and run commands, among other things. Seaside is a persistence backdoor, while the latter is used to receive a C2 IP address and port in order to establish a reverse shell.

To make sure your organization is protected, you should do the following:

- Update your ESG appliance, and make sure it is patched regularly
- Stop using the compromised ESG appliance
- Rotate ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates

The company also invites all customers who believe they may have been targeted to reach out to support via [email protected]. Finally, organizations should review their network logs and look for potential indicators of compromise or unknown IP addresses.
According to the National Vulnerability Database, the flaw is a remote command injection vulnerability that arises because the appliance fails to comprehensively sanitize its processing of .tar files (tape archives). In other words, formatting file names in a particular way allows attackers to execute system commands.
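The root cause described above is that archive member names were passed into system command handling without adequate sanitization. As an added illustration of the defensive side of that problem (this is example code, not Barracuda's own code, and it makes no claim about how ESG processes attachments), the following Python screens a .tar archive without extracting it and rejects any member whose name contains shell metacharacters, control characters, an absolute path or path traversal. The archives it checks are constructed in memory for the demonstration.

```python
"""
Added example (not from the article or from Barracuda): a pre-screen for .tar
attachments that refuses any archive whose member or link names contain shell
metacharacters or path traversal, so that no attacker-controlled name can ever
reach a command line or the filesystem downstream.
Assumption: the archive is small enough to hold in memory.
"""
import io
import re
import tarfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Characters with meaning to a POSIX shell (plus whitespace, which splits
# arguments). A file name should never reach a shell unquoted at all; rejecting
# these up front is cheap defence in depth rather than the primary control.
SHELL_META = re.compile(r"[;&|`$<>(){}\[\]*?!\\'\"\s]")
# A ".." path component anywhere in the name.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


@dataclass
class ScreenResult:
    accepted: bool
    # (member name, reason) for every member that failed the screen
    rejected_members: List[Tuple[str, str]] = field(default_factory=list)


def check_member_name(name: str) -> Optional[str]:
    """Return a reason string if the name is unsafe, otherwise None."""
    if name == "":
        return "empty name"
    if name.startswith("/"):
        return "absolute path"
    if TRAVERSAL.search(name):
        return "path traversal"
    if SHELL_META.search(name):
        return "shell metacharacter"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return "control character"
    return None


def screen_tar(data: bytes) -> ScreenResult:
    """Inspect every member name in a tar archive; nothing is extracted."""
    result = ScreenResult(accepted=True)
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for member in tar:
                reason = check_member_name(member.name)
                # Symlink and hardlink targets are attacker-controlled too.
                if reason is None and (member.issym() or member.islnk()):
                    reason = check_member_name(member.linkname)
                if reason is not None:
                    result.rejected_members.append((member.name, reason))
    except tarfile.TarError as exc:
        # An archive we cannot parse is rejected rather than passed along.
        result.rejected_members.append(("<archive>", f"unparseable: {exc}"))
    result.accepted = not result.rejected_members
    return result


def build_sample_archive(names: List[str]) -> bytes:
    """Construct an in-memory tar with the given member names (test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            payload = b"sample"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample archives: one clean, one with names that should be refused.
BENIGN = ["report.pdf", "docs/q1-summary.txt"]
SUSPICIOUS = ["report.pdf", "data|sort.csv", "../../tmp/escape"]

if __name__ == "__main__":
    for label, names in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        res = screen_tar(build_sample_archive(names))
        print(label, "accepted" if res.accepted else "rejected", res.rejected_members)
```

The screen is deliberately an allow-or-reject gate on names rather than an attempt to escape them: a gateway that never lets such a name proceed has nothing to quote correctly later. Member and link names are read from the archive metadata only, so the check costs no disk writes and does not depend on the archive's contents being safe.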