42 matches found
Libraesva Email Security Gateway (ESG) Web UI Detection
Binary data libraesvaemailsecuritygatewaydetect.nbin...
EUVD-2015-2855
Malware in sbrugna...
EUVD-2015-2792
Malware in sbrugna...
Libraesva Email Security Gateway Command Injection Vulnerability
Libraesva Email Security Gateway ESG contains a command injection vulnerability which allows command injection via a compressed e-mail attachment...
Libraesva Email Security Gateway 安全漏洞
Libraesva Email Security Gateway is an email security gateway from Libraesva Italy. A security vulnerability exists in Libraesva Email Security Gateway versions prior to 4.5 to 5.5.7, which stems from improper handling of compressed email attachments and can lead to command injection attacks...
PT-2025-34239
Name of the Vulnerable Software and Affected Versions: SpamTitan Email Security Gateway versions 8.00.0 through 8.00.100 SpamTitan Email Security Gateway versions 8.01.0 through 8.01.13 Description: The quarantine.php file within the SpamTitan interface allows unauthenticated users to trigger...
I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies
I have finalized the list of trending vulnerabilities for 2024 according to Positive Technologies. Last year, 74 vulnerabilities were classified as trending to compare the scale, just over 40,000 were added to NVD in 2024. All trending vulnerabilities are found in Western commercial products and...
Fortinet FortiMail Access Control Error Vulnerability
Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides email security and data protection features. An Access Control Error vulnerability exists in Fortinet FortiMail that stems from improper access control...
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway ESG appliances to deploy backdoors on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and...
Chinese Hacking Group Exploits Barracuda Zero-Day
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chinese-linked hacking group, tracked as UNC4841, has prominently directed its efforts towards infiltrating and compromising various entities in recent attacks. These offensives were particularly...
Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-leve...
CISA Releases IOCs Associated with Malicious Barracuda Activity
CISA has released additional indicators of compromise IOCs associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway ESG Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this...
CISA Order Highlights Persistent Risk at Network Edge
The U.S. government agency in charge of improving the nations cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely...
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...
Barracuda Networks Releases Update to Address ESG Vulnerability
Barracuda Networks has released an update to their advisorylink is external addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance ESG. According to Barracuda, customers should replace impacted appliances immediately. CISA urges organizations to review the Barracuda...
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
Its not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway ESG appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
The Bug Report - May 2023 Edition
The Bug Report – May 2023 Edition By Mark Bereza · June 7, 2023 Why am I here? In the film The Number 23, Jim Carrey masterfully portrays Walter Sparrow, a man who finds himself obsessed with the number 23 after coming upon a book detailing the 23 enigma, and begins to see it everywhere he looks,...
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway ESG appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-286...
[updated] Barracuda Networks patches zero-day vulnerability in Email Security Gateway
On May 20, Barracuda Networks issued a patch for a zero day vulnerability in its Email Security Gateway ESG appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda's investigation showed that the...