A zero-day vulnerability in Barracuda Networks’ email security appliances allowed hackers to exploit and steal data from organizations for several months. The vulnerability, known as CVE-2023-2868, affected Email Security Gateway (ESG) appliances versions 5.1.3.001 through 9.2.0.006. Barracuda discovered the attacks on May 18 and patched the vulnerability on May 20.
The attackers used the vulnerability to deploy three types of malware: SaltWater, SeaSpy, and Seaside. Barracuda has shared indicators of compromise and advised affected customers to update their devices and replace compromised appliances.
Read More: Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.