uTalk

Official forum for Utopia Community


#1 2023-05-31 23:25:59

thrive
Member
Registered: 2023-01-04
Posts: 1,974

Hackers have been exploiting a flaw in the Barracuda Email Security

An enterprise security company called Barracuda revealed on Tuesday that threat actors had been exploiting a recently patched zero-day vulnerability in its Email Security Gateway (ESG) appliances since October 2022 to backdoor the systems.

The most recent information indicates that the critical vulnerability, identified as CVE-2023-2868 (CVSS score: N/A), had been actively exploited for at least seven months prior to its discovery.

The vulnerability, which Barracuda discovered on May 19, 2023, affects versions 5.1.3.001 through 9.2.0.006 and might make it possible for a remote attacker to execute code on vulnerable installations. Barracuda released patches on May 20 and May 21.

The network and email security company noted in an updated advisory that "CVE-2023-2868 was utilized to obtain unauthorized access to a subset of ESG appliances."

"Malware was found on a portion of the appliances, allowing for persistent backdoor access. On a portion of the impacted appliances, data exfiltration evidence was found."

There are currently three different malware strains known to exist.

SALTWATER is a trojanized module for the Barracuda SMTP daemon (bsmtpd) that can upload or download arbitrary files, run commands, and proxy and tunnel malicious traffic to avoid detection.
SEASPY is an x64 ELF backdoor with persistence features that is activated by a magic packet.
SEASIDE is a Lua-based module for bsmtpd that creates reverse shells when SMTP HELO/EHLO commands are sent via the malware's command-and-control (C2) server.
Google-owned Mandiant, which is investigating the incident, says SEASPY has been found to share source code with cd00r, an open source backdoor. No established threat actor or group has been identified as responsible for the attacks.


Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its list of "Known Exploited Vulnerabilities" (KEV) and urged federal agencies to fix it by June 16, 2023.

Barracuda did not say how many businesses had their security breached, but it did say that those affected were contacted directly and given mitigation advice. It also cautioned that the investigation might turn up more users who may have been impacted.

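Added example, not code from the post above or from Barracuda: a small Python triage helper that checks ESG firmware version strings against the affected range for CVE-2023-2868 (5.1.3.001 through 9.2.0.006, inclusive, as given in Barracuda's advisory). The hostnames and versions in SAMPLE_INVENTORY are constructed for illustration; the function names are this example's own. The point it makes beyond the text is that four-component, zero-padded firmware versions must be compared numerically, not as strings, and that short or malformed version strings need explicit handling before they are trusted for a "not affected" verdict.

```python
from typing import Dict, List, Tuple

# Inclusive affected range for CVE-2023-2868 from Barracuda's advisory.
AFFECTED_MIN = "5.1.3.001"
AFFECTED_MAX = "9.2.0.006"
VERSION_WIDTH = 4  # ESG versions are four dotted numeric components


def parse_version(s: str, width: int = VERSION_WIDTH) -> Tuple[int, ...]:
    """Turn a dotted firmware version such as '9.2.0.006' into a numeric tuple.

    Components are compared as integers ('006' == 6, '10' > '9'), so a
    lexical comparison bug cannot mark 10.x as older than 9.x. Versions
    with fewer than `width` components are right-padded with zeros; more
    than `width` components or non-numeric text is rejected.
    """
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {s!r}")
    if len(parts) > width:
        raise ValueError(f"too many components in version string: {s!r}")
    nums = [int(p) for p in parts]
    nums += [0] * (width - len(nums))
    return tuple(nums)


def is_affected(version: str, lo: str = AFFECTED_MIN, hi: str = AFFECTED_MAX) -> bool:
    """True if `version` lies inside the inclusive [lo, hi] affected range."""
    v = parse_version(version)
    return parse_version(lo) <= v <= parse_version(hi)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split an {hostname: version} inventory into affected / not_affected / unparsable.

    Unparsable entries are reported separately rather than silently treated
    as safe, since a bad inventory record is not evidence of a patched box.
    """
    result: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unparsable": []}
    for host, version in inventory.items():
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "unparsable"
        result[bucket].append(host)
    for bucket in result:
        result[bucket].sort()
    return result


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "esg-dc1": "9.2.0.006",   # last version inside the affected range
    "esg-dc2": "9.2.0.007",   # first version past the range
    "esg-lab": "5.1.3.001",   # first version inside the range
    "esg-old": "5.1.2.012",   # older than the range
    "esg-bad": "unknown",     # inventory record with no usable version
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Run it as a script to see the three buckets for the sample inventory; in practice the dictionary would be fed from an asset database or the appliance management UI, and anything landing in "unparsable" should be checked by hand rather than assumed patched.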

Board footer

Powered by FluxBB