The FBI has issued an pressing warning concerning Barracuda Community’s E-mail Safety Gateway (ESG) units, saying they’re nonetheless weak to a zero-day exploit.
Barracuda recognized a vulnerability in its ESG units in late Could. Whereas the corporate issued fixes in an effort to handle the flaw, the FBI says the fixes are “ineffective” and the units are nonetheless weak to assault.
The FBI introduced its findings in an FBI Flash:
As part of the FBI investigation into the exploitation of CVE-2023-2868, a zero day vulnerability in Barracuda Community’s E-mail Safety Gateway (ESG) home equipment, the FBI has independently verified that each one exploited ESG home equipment, even these with patches pushed out by Barracuda, stay in danger for continued laptop community compromise from suspected PRC cyber actors exploiting this vulnerability.
Barracuda is now advising clients to utterly exchange the units as quickly as attainable:
Barracuda’s advice is unchanged. Prospects ought to discontinue use of the compromised ESG equipment and speak to Barracuda assist ([email protected]) to acquire a brand new ESG digital or {hardware} equipment.
Given the severity of the problem, customers of the impacted Barracuda ESG units ought to contact the corporate instantly to get a alternative.
Within the meantime, clients can study extra right here.
