198 matches found
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...
RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to their exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now...
CVE-2023-7102
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...
Design/Logic Flaw
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...
CVE-2023-7102
CVE-2023-7102 is a Barracuda ESG Appliance vulnerability caused by a vulnerable third-party library that allowed parameter injection. Affected versions span 5.1.3.001–9.2.1.001; Barracuda removed the vulnerable logic to fix the issue. No explicit exploitation details are provided in the available...
CVE-2023-7102 Remote Code Execution (RCE) Vulnerability
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic...
Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-leve...
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...
[updated] Barracuda Networks patches zero-day vulnerability in Email Security Gateway
On May 20, Barracuda Networks issued a patch for a zero-day vulnerability in its Email Security Gateway (ESG) appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda's investigation showed that the...
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that...
Barracuda Network Access Client Authorization Issue Vulnerability
Barracuda Networks Barracuda Network Access Client is a suite of Windows-only applications from Barracuda Networks, Inc. It is used to control network and VPN client access based on rules and policies. An authorization issue vulnerability exists in Barracuda Network Access Client, which arises fr...
Gigabyte Allegedly Hit by AvosLocker Ransomware
The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte and has leaked a sample of what it claims are files stolen from the Taiwanese company’s network. It’s offering to sell the rest. On Wednesday, the gang posted a “press release” announcing that it had purportedly gutte...
Barracuda MAS - (ldap_load_entry.cgi) XSS Vulnerability
Document Title: Barracuda MAS - ldap_load_entry.cgi XSS Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2168 , http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20369; CVE-ID: CVE-2018-20369; Release Date:...
Barracuda Cloud 3.0.020 - Contents Persistent Vulnerability
Document Title: Barracuda Cloud 3.0.020 - Contents Persistent Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=782; Release Date: 2018-07-24; Vulnerability Laboratory ID (VL-ID):...
Barracuda Cloud 3.0.020 - Persistent XSS Vulnerability
Document Title: Barracuda Cloud 3.0.020 - Persistent XSS Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=782; Release Date: 2018-07-23; Vulnerability Laboratory ID (VL-ID): 782...
Barracuda Cloud ESS 2.x - Multiple Cross Site Vulnerabilities
Document Title: Barracuda Cloud ESS 2.x - Multiple Cross Site Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=742; Barracuda Networks Security ID: BNSEC-671; Release Date: 2018-07-23; Vulnerability Laboratory ID...
Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability
Document Title: Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=662; Release Date: 2018-07-18; Vulnerability Laboratory ID (VL-ID):...
Barracuda Cloud Control 7.1.1.003 - Cross Site Vulnerability
Document Title: Barracuda Cloud Control 7.1.1.003 - Cross Site Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=1992; Release Date: 2018-07-17; Vulnerability Laboratory ID (VL-ID):...