Barracuda, a company known for its email and network security solutions, today warned customers that some of their Email Security Gateway (ESG) appliances were hacked last week targeting a now patched zero-day vulnerability.

On Friday, May 19, a vulnerability was discovered in the attachment scanning module. The issue was resolved by applying two security patches on May 20 and 21.

While the flaw was patched over the weekend, Barracuda warned on Tuesday that some of its customers’ ESG appliances were compromised by exploiting the now patched security bug.

“Based on our investigation to date, we have identified that the vulnerability results in unauthorized access to a subset of email gateway appliances,” the company said. said.

“Users whose devices we believe have been impacted have been notified through the ESG UI of the action to be taken. Barracuda has also reached out to these specific customers.

The company’s other products, including SaaS email security services, were not affected by this vulnerability.

Customers asked to check networks for intrusions

Barracuda said the investigation was limited to its ESG product and not to customers’ corporate networks. Therefore, the company advises affected organizations to review their environments to confirm that the threat actors have not spread to other devices on the network.

“If a customer has not received notification from us through the ESG UI, we have no reason to believe that their environment has been impacted at this time and the customer has no action to take,” Barracuda told BleepingComputer.

A Barracuda spokesperson did not respond to a later email asking for more details about the number of customers affected or whether their data was affected after their ESG appliances were breached.

Today, Barracuda too address a connection issue affecting Email Gateway Defense (EGD) appliances and a buggy spam scoring rule that resulted in incorrect blocking of customer emails.

Barracuda says its enterprise-grade security solutions are now used by more than 200,000 organizations worldwide, including Samsung, Mitsubishi, Kraft Heinz, Delta Airlines and other leading companies.

Source link