A critical Barracuda security backdoor has been exploited for months, so patch now
Hackers have been exploiting a Barracuda zero-day since October 2022
Hackers have been exploiting a zero-day vulnerability in a Barracuda Networks product for several months to target numerous organizations with multiple malware families, reports have claimed.
The company said it has patched a critical vulnerability, tracked as CVE-2023-2868, which threat actors had been abusing since October 2022. The email software in question is Barracuda Email Security Gateway (ESG), with versions 5.1.3.001 through 9.2.0.006 being vulnerable.
“Users whose appliances we believe were impacted have been notified via the ESG user interface of actions to take,” the company said in a security advisory. “Barracuda has also reached out to these specific customers. Additional customers may be identified in the course of the investigation.”
Three malware families
So far, Barracuda says it has spotted three malware families being distributed via the zero-day: Saltwater, Seaside, and Seaspy.
Saltwater is a trojanized module for the appliance's SMTP daemon (bsmtpd) that lets threat actors upload and download files and run commands, among other things. Seaside is a Lua module for the same daemon that watches incoming SMTP HELO/EHLO commands to receive a C2 IP address and port, which it passes to an external binary that establishes a reverse shell. Seaspy is a persistence backdoor that poses as a legitimate Barracuda service and sniffs SMTP traffic for a "magic packet" that activates it.
To make sure your organization is safe, you should take the steps in Barracuda's advisory: confirm the ESG appliance is receiving and applying Barracuda's updates, definitions and security patches; stop using any appliance Barracuda has flagged as compromised and contact its support team for a replacement appliance; and rotate any credentials connected to the appliance, including LDAP/Active Directory, Barracuda Cloud Control, FTP, SMB and any private TLS certificates.
Finally, organizations should review their network logs for the indicators of compromise Barracuda has published and for connections to unknown IP addresses.
According to the National Vulnerability Database, the flaw is a remote command injection vulnerability (affecting the appliance form factor only) that arises because the product fails to comprehensively sanitize user-supplied .tar files (tape archives): the names of the files contained in the archive are not fully validated before being processed. In other words, formatting those file names in a specific way lets a remote attacker execute system commands through Perl's qx operator with the privileges of the ESG product.
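The following is an added illustration of this bug class and is not Barracuda's code or exploit: it builds a small tar archive in memory (constructed sample input), shows the vulnerable pattern of splicing an archive member's name into a command string that a shell (or Perl's qx operator) would parse, and contrasts it with a hardened version that allow-lists member names and passes them as a single argv element with no shell involved. The helper names, the `file` command used as a stand-in for whatever the appliance ran, and the allow-list regex are all assumptions made for the example.

```python
import io
import re
import tarfile

# Characters that let a member name break out of a shell command string:
# backticks and $() for command substitution, ; | & for chaining, quotes,
# redirections and newlines.
SHELL_META = re.compile(r"[`$;|&<>(){}\n'\"\\]")

# Assumed allow-list: path segments of [A-Za-z0-9._-], no leading "/"
# and no ".." segment, so names cannot escape the extraction directory either.
SAFE_NAME = re.compile(
    r"^(?!\.\.(/|$))[A-Za-z0-9._-]+(/(?!\.\.(/|$))[A-Za-z0-9._-]+)*$"
)


def build_demo_tar(member_names):
    """Constructed sample input: an in-memory tar whose members have the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in member_names:
            data = b"hello\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def vulnerable_shell_line(member_name):
    """Vulnerable pattern (hypothetical): the untrusted member name is interpolated
    into a command line that would then be handed to a shell, the way a Perl
    qx// call would.  The line is returned here, not executed, so the injected
    `id` in the demo name is visible but harmless."""
    return f"file {member_name}"


def hardened_argv(member_name):
    """Hardened form: reject any name outside the allow-list, and never hand the
    name to a shell; return an argv list so the name stays a single argument."""
    if not SAFE_NAME.match(member_name):
        raise ValueError(f"rejected tar member name: {member_name!r}")
    return ["file", "--", member_name]


def suspicious_members(tar_bytes):
    """Triage helper: list member names in an archive that carry shell metacharacters."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        return [m.name for m in tf.getmembers() if SHELL_META.search(m.name)]


if __name__ == "__main__":
    crafted = "invoice.pdf`id`"  # constructed malicious member name
    archive = build_demo_tar(["ok.txt", crafted])
    print("vulnerable command line:", vulnerable_shell_line(crafted))
    print("flagged members:", suspicious_members(archive))
    print("hardened argv for ok.txt:", hardened_argv("ok.txt"))
    try:
        hardened_argv(crafted)
    except ValueError as exc:
        print("hardened path rejected it:", exc)
```

The point of the hardened version is that validation alone is not the fix: even a benign-looking name must never reach a shell parser, so the command is built as an argv list and the name is an opaque argument. The scanning helper is the kind of check a responder can run over mail attachments or quarantined archives when reviewing for exploitation attempts.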
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.