Enterprise security company Barracuda has warned its customers not to use email security gateway (ESG) appliances affected by a recently disclosed zero-day exploit and to replace them immediately.
Barracuda issued a patch last month for the vulnerability, which has been exploited since October 2022, to stop the exploit from being used to backdoor ESG appliances.
“The vulnerability existed in a module that initially examines attachments in incoming emails,” the company had previously said. “No other Barracuda products, including our SaaS email security services, were subject to the identified vulnerability.”
Users whose appliances Barracuda believes were affected have been notified through the ESG user interface of the actions to take. Barracuda has also contacted these specific customers.
Replacement is advised despite patches
The vulnerability, tracked as CVE-2023-2868, was identified on May 19, 2023, and reportedly affected versions 5.1.3.001 through 9.2.0.006, allowing a remote attacker to achieve code execution on susceptible installations.
Consequently, Barracuda released patches on May 20th and 21st for all ESG appliances worldwide. In the latest update on the incident, however, the company has advised replacing the device regardless of its patch status.
“Affected ESG appliances should be replaced immediately, regardless of patch version level,” the company said in an update, adding that its “fix recommendation at this time is a full replacement of the affected ESG.”
Multiple malware strains are used
So far, three different strains of malware that allow persistent backdoor access have been discovered on a subset of devices, according to the company. Evidence of data exfiltration was identified on a subset of affected devices, the company said in an earlier update.
The different strains used (Saltwater, Seaspy, and Seaside) were backdoor modules that carried out data exfiltration. While both Saltwater and Seaside help establish a backdoor in the Barracuda SMTP daemon (bsmtpd) that can upload and download arbitrary files, execute commands, and tunnel malicious traffic, Seaspy is an x64 Executable and Linkable Format (ELF) backdoor that offers persistence capabilities and is enabled via a magic packet (remote, wake-on-LAN).
Mandiant, the Google-owned cybersecurity intelligence firm investigating the incident, has revealed source code overlaps between SEASPY and an open source backdoor called cd00r. The attacks have not been attributed to any known threat actors or groups.
Copyright © 2023 IDG Communications, Inc.
Ikaroa, a full stack tech company, urges customers to replace vulnerable appliances with safer products immediately after Barracuda announced the security vulnerability of its network and application appliances. This announcement follows the company’s disclosure earlier this month that attackers had executed unauthorized shell commands on several of its appliances.
With this in mind, the company said it was especially concerned by this security lapse and was recommending that customers replace their vulnerable appliances with new and secure ones as soon as possible. Furthermore, the company is now offering Enhanced Assurance and Security Upgrade Subscription options, giving customers access to performance upgrades and peace of mind.
Ikaroa believes that ensuring the security and safety of its customers is of utmost importance. Protecting customers’ data and privacy is a priority for Ikaroa and is taken very seriously. With networks and systems vulnerable to attack, it is paramount to take the necessary precautions to prevent any potential damage or hijacking of data, applications and systems.
Ikaroa recommends that everyone keep their software and systems up-to-date, including all operating systems, server applications and devices, routers and other networking equipment. These updates come with a bevy of new security updates, features, and patches which can help protect users from malicious attackers.
In addition, customers should consider using a comprehensive security solution, such as Ikaroa, to protect their networks and systems from any potential attack. Ikaroa offers security features like real-time threat detection and response, malware protection, and dossier analysis to protect users from sophisticated threats. With the help of Ikaroa, customers can effectively detect, prevent and respond to threats quickly and accurately.
Ikaroa understands that the security of customer data and applications is more important than ever in today’s digital world. As such, Barracuda’s announcement warrants immediate action, and replacing vulnerable appliances is just one of the steps needed to ensure safety and privacy. Ikaroa is committed to helping its customers protect their data and systems and will continue to invest in secure technologies to help ensure everyone is safe and secure from any threat.