The water is muddier than it seems — intruders continue to penetrate even "patched" systems.
The US Federal Bureau of Investigation (FBI) has warned that fixes for the critical Barracuda Email Security Gateway (ESG) remote command entry bug are "ineffective" and even patched devices are still at risk of real attacks.
The vulnerability CVE-2023-2868 was first exploited by attackers back in October 2022. Then hackers installed previously unknown malicious programs SeaSpy, Saltwater and SeaSide on the hacked ESG devices, thus gaining remote access to the systems.
Despite the fact that Barracuda released patches on May 20 and blocked hackers ' access to compromised devices, on June 7, the company warned customers that a complete physical replacement of all vulnerable devices was necessary.
As the FBI pointed out, the patches released by Barracuda were ineffective. Hackers allegedly linked to China continue to actively exploit the vulnerability even in patched ESG devices.
The FBI strongly recommends that all vulnerable devices be immediately isolated and replaced, and that networks be scanned for connections to the compromise indicators listed in the published warning.
Barracuda customers who used privileged Active Directory credentials should immediately revoke and change their passwords to prevent hackers from gaining access to the network.
Barracuda solutions are used by more than 200,000 organizations worldwide, including major companies like Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz. Active exploitation of the CVE-2023-2868 vulnerability threatens the confidential data of many of them.
The US Federal Bureau of Investigation (FBI) has warned that fixes for the critical Barracuda Email Security Gateway (ESG) remote command entry bug are "ineffective" and even patched devices are still at risk of real attacks.
The vulnerability CVE-2023-2868 was first exploited by attackers back in October 2022. Then hackers installed previously unknown malicious programs SeaSpy, Saltwater and SeaSide on the hacked ESG devices, thus gaining remote access to the systems.
Despite the fact that Barracuda released patches on May 20 and blocked hackers ' access to compromised devices, on June 7, the company warned customers that a complete physical replacement of all vulnerable devices was necessary.
As the FBI pointed out, the patches released by Barracuda were ineffective. Hackers allegedly linked to China continue to actively exploit the vulnerability even in patched ESG devices.
The FBI strongly recommends that all vulnerable devices be immediately isolated and replaced, and that networks be scanned for connections to the compromise indicators listed in the published warning.
Barracuda customers who used privileged Active Directory credentials should immediately revoke and change their passwords to prevent hackers from gaining access to the network.
Barracuda solutions are used by more than 200,000 organizations worldwide, including major companies like Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz. Active exploitation of the CVE-2023-2868 vulnerability threatens the confidential data of many of them.
