CISA warned of a newly patched zero-day vulnerability exploited last week to hack Barracuda Email Security Gateway (ESG) appliances.
Barracuda says its security solutions are used by more than 200,000 organizations worldwide, including leading companies like Samsung, Mitsubishi, Kraft Heinz and Delta Airlines.
The US cybersecurity agency also added the bug (CVE-2023-2868) to its catalog of vulnerabilities exploited in the wild, citing this evidence of active exploitation.
Federal Civilian Executive Branch (FCEB) agencies are required to patch or mitigate the vulnerability as directed by Binding Operational Directive (BOD) 22-01.
However, this is no longer necessary since Barracuda already patched all vulnerable devices by applying two security patches over the weekend.
“Based on our investigation to date, we have identified that the vulnerability results in unauthorized access to a subset of email gateway appliances,” Barracuda said.
“As part of our containment strategy, all ESG appliances received a second patch on May 21, 2023.”
Affected customers have been urged to check for network breaches
The company said the investigation into compromised appliances was limited to its ESG product and advised affected customers to review their environments to ensure attackers did not have access to other devices on their network.
Therefore, federal agencies should also take the CISA alert as a warning to check their networks for signs of intrusion.
While only US federal agencies are required to fix bugs added to CISA’s Known Exploited Vulnerabilities (KEV) list, private companies are also strongly recommended to prioritize their fix.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
On Monday, federal agencies were warned to secure iPhones and Macs in their environments against three iOS and macOS zero-days, one of them flagged by Google TAG and Amnesty International security researchers and likely exploited in state-sponsored spyware attacks.
A week ago, CISA also added a Samsung ASLR bypass flaw to its KEV catalog, abused as part of an exploit chain to deploy a suite of spyware on Samsung mobile devices running Android 11, 12 and 13.