Barracuda, a leading network security solutions provider, issued a warning to its customers about a recent breach affecting some of its Email Security Gateway (ESG) appliances.
Threat actors exploited a zero-day vulnerability, tracked as CVE-2023-2868, found in the module responsible for screening email attachments. Barracuda promptly addressed the issue by releasing security patches on May 20 and 21.
Given the widespread use of Barracuda’s Email Security Gateway appliances by hundreds of thousands of organizations worldwide, the breach has the potential for significant impact. However, Barracuda clarified that its SaaS email security services remained unaffected by this vulnerability, reassuring customers.
After investigating the flaw, Barracuda determined that the breach targeted a subset of email gateway appliances. The company promptly notified affected customers through the ESG user interface and provided guidance on necessary actions.
Barracuda emphasized that its investigation focused solely on the ESG product. Because the breach might have implications beyond the Email Security Gateway appliances, the company urged impacted organizations to review their entire network environment to identify any further compromise.
By addressing the vulnerability swiftly and proactively communicating with customers, Barracuda aims to protect organizations from further exploitation and potential data breaches.