December 27, 2023 at 08:24AM Chinese threat actors exploited a new zero-day in Barracuda’s Email Security Gateway appliances, deploying backdoors on a limited number of devices. The issue, tracked as CVE-2023-7102, allowed arbitrary code execution via a third-party library. Barracuda released a security update and remediated compromised appliances. This highlights the adaptability of the threat … Read more
December 27, 2023 at 06:56AM Barracuda deployed remote patches on December 21 to address a zero-day vulnerability in its Email Security Gateway (ESG) appliances exploited by Chinese hackers. A subsequent wave of security updates targeted compromised appliances. The vulnerability, tracked as CVE-2023-7102, is attributed to a weakness in a third-party library. The company reassured customers … Read more
December 27, 2023 at 06:12AM China-linked hackers are persistently targeting Barracuda Email Security Gateway (ESG) appliances. In May 2023, a zero-day vulnerability, CVE-2023-2868, was used to deliver malware and steal data, attributed to cyberespionage group UNC4841. Subsequently, a new zero-day vulnerability, CVE-2023-7102, impacting the ‘Spreadsheet::ParseExcel’ library, was exploited to deliver new malware variants. Barracuda issued … Read more