Source: grahamcluley.com – Author: Graham Cluley
The URL should have given away that things were serious.
https://www.barracuda.com/company/legal/esg-vulnerability
And then there was the very keen attempt to underline the firm’s commitment to securing your data… they definitely didn’t want you to miss that.
We are committed to securing your data
The big friendly letters reminded me – rather aptly – of the famous words “Don’t panic!” on the front of the “HitchHiker’s Guide to the Galaxy”…
But if you were feeling a sense of panic, I probably couldn’t blame you, because security firm Barracuda Networks is warning people of a security vulnerability in its Email Security Gateway (ESG) appliance.
But more than that, Barracuda is taking the unusual step for a network security vendor of telling its customers to physically remove and decommission its hardware.
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now ([email protected]).
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.
That’s right. Barracuda is not telling you to apply a patch to the appliance that scans your incoming and outgoing email for malware. They want you to rip it out and replace it instead.
Clearly hackers have managed to exploit security vulnerabilities on the Barracuda Email Security Gateway appliance to such an extent that any patch simply isn’t up to the job of kicking them out.
There are likely to be 10,000+ Barracuda ESG appliances in use around the world. And it appears malicious exploitation of vulnerable Barracuda ESG appliances has been taking place since at least October 2022.
No wonder Barracuda is getting some legal advice on how to communicate this to its customers.
“Don’t panic?”
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.
Follow him on Twitter, Mastodon, Bluesky, or drop him an email.
Original Post URL: https://grahamcluley.com/barracuda-immediately-rip-out-and-replace-our-security-hardware/
Category & Tags: Malware,Security threats,Vulnerability,Barracuda,email appliance,vulnerability – Malware,Security threats,Vulnerability,Barracuda,email appliance,vulnerability
