16 matches found
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom
A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...
FBI confirms Barracuda patch is not effective for exploited ESG appliances
In an FBI Flash about a Barracuda ESG vulnerability, listed as CVE-2023-2868, the FBI has stated that the patches released by Barracuda in response to this CVE were ineffective for anyone previously infected. Although both Barracude and Mandiant have already made this determination, the agency sa...
CISA Releases IOCs Associated with Malicious Barracuda Activity
CISA has released additional indicators of compromise IOCs associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway ESG Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this...
Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
The U.S. Federal Bureau of Investigation FBI is warning that Barracuda Networks Email Security Gateway ESG appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...
Compromised Barracuda appliances equipped with persistent backdoors by attackers
The Cybersecurity and Infrastructure Security Agency CISA has published three malware analysis reports based on malware variants associated with the exploitation of a known vulnerability in Barracuda ESG appliances. The Common Vulnerabilities and Exposures CVE database lists publicly disclosed...
Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway ESG appliances. "SUBMARINE comprises multiple artifacts — includin...
Barracuda Email Security Gateway < 9.2.0.008 Command Injection (CVE-2023-2868)
According to its self-reported version, the Barracuda Email Security Gateway on the remote web server is 9.2.0.008. It is, therefore, affected by a command injection vulnerability in the processing of .tar files that could allow a remote, unauthenticated attacker to execute arbitrary commands wit...
Exploit for Improper Input Validation in Barracuda Email_Security_Gateway_300_Firmware
CVE-2023-2868: Barracuda ESG Command Injection For full...
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway ESG appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-286...
[updated] Barracuda Networks patches zero-day vulnerability in Email Security Gateway
On May 20, Barracuda Networks issued a patch for a zero day vulnerability in its Email Security Gateway ESG appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda's investigation showed that the...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway ESG appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...
CVE-2023-2868
creationtimestamp| type| source ---|---|--- 2023-05-24 22:27:13+00:00| seen| https://t.me/cibsecurity/64708 2023-05-25 09:47:41+00:00| exploited| https://t.me/CyberSecurityIL/23670 2023-05-25 12:46:11+00:00| exploited| https://t.me/ctinow/114122 2023-05-25 14:40:48+00:00| exploited|...
CVE-2023-2868
CVE-2023-2868 affects Barracuda Email Security Gateway (ESG) Appliance versions 5.1.3.001–9.2.0.006. It is due to incomplete sanitization of a user-supplied .tar archive, enabling remote command execution via Perl's qx with the appliance privileges. Barracuda fixed it in patch BNSF-36456 (auto-ap...