A critical Barracuda security backdoor has been exploited for months, so patch now
Date:
Wed, 31 May 2023 16:47:00 +0000
Description:
Hackers have been exploiting a Barracuda zero-day since October 2022,
allowing them to steal files, and more.
FULL STORY ======================================================================
Hackers have been exploiting a zero-day vulnerability in a Barracuda Networks product over several months to target countless organizations with numerous pieces of malware, reports have claimed.
The company said it has patched a critical vulnerability tracked as CVE-2023-2868, which had been used by threat actors since October 2022. The email software in question is called Barracuda Email Security Gateway (ESG), with versions between 5.1.3.001 and 9.2.0.006 being vulnerable.
"Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take," the company said in a security advisory. Barracuda has also reached out to these specific customers. Additional customers may be identified in the course of the investigation.

Three malware families
So far, Barracuda says it has spotted three malware families being
distributed via the zero-day: Saltwater, Seaside, and Seaspy.
Saltwater allows threat actors to download and upload files and run commands, among other things. Seaside is a persistence backdoor, while Seaspy is used to receive a C2 IP address and port to establish a reverse shell.
To make sure your organization is safe, you should do the following:
1. Update your ESG appliance, and make sure it is regularly patched.
2. Stop using the compromised ESG appliance.
3. Rotate ESG appliance credentials where possible, including any connected LDAP/AD, Barracuda Cloud Control, FTP Server, SMB, and any private TLS certificates.
The company also invites all clients who believe they may have been targeted to reach out to support via support@barracuda.com.
Finally, organizations should review their network logs and look for possible indicators of compromise or unknown IP addresses.
According to the National Vulnerability Database, the flaw is a remote command injection vulnerability arising because the appliance fails to comprehensively sanitize the processing of .tar files (tape archives). In other words, formatting file names in a specific way allows the attackers to execute system commands.
======================================================================
Link to news story:
https://www.techradar.com/news/a-critical-barracuda-security-backdoor-has-been-exploited-for-months-so-patch-now
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)