Barracuda Networks has announced that a zero-day vulnerability was used in attacks against its email security gateway appliance customers. The network security vendor discovered the flaw on May 19 and disclosed it on Tuesday this week. A patch was released on May 20 and a second one on May 21 to address indicators of potential compromise, a spokesperson for the company said. The full extent of the breach has not been made clear so far, as the company has remained tight-lipped on the issue and has declined to comment on the number of customers affected.
The vulnerability, tracked as CVE-2023-2868, existed in a module that initially screens the attachments of incoming emails, according to Barracuda’s website advisory. The advisory states that no other Barracuda products are subject to the flaw. However, researchers at NIST have cautioned that an input validation issue for user-supplied TAR files can allow unauthorized users to gain remote access.
The advisory also states that the flaw “resulted in unauthorized access to a subset of email gateway appliances.” The company has notified the customers whose appliances were impacted and has suggested that they review their environments and determine any additional actions they want to take.
Barracuda has shared a statement that provides some additional details. The statement clarified that a “small subset” of appliances was affected, rather than a “subset” as the public-facing advisory claimed. The spokesperson noted that if a customer had not received a notice via the email security gateway (ESG) user interface, Barracuda has “no reason to believe their environment has been impacted at this time and there are no actions for the customer to take.”
The company has apologized for the “inconvenience it may cause,” and emphasized that it is working to address the issue. The nature and severity of the vulnerability remain unclear. The advisory places the flaw in a module that screens the attachments of incoming emails, while NIST warns of the potential for unauthorized access through an input validation issue for user-supplied TAR files.
News of the breach comes amid concerns over the growing number of cybersecurity threats facing businesses. The recent Colonial Pipeline hack was one of the most high-profile attacks in recent months. The ransomware attack forced the pipeline company to shut down its services across the US. The attack also highlighted the vulnerability of infrastructure to cybercriminals. The number of ransomware attacks has surged during the Covid-19 pandemic, with cybercriminals capitalizing on the shift to remote working and the increasing use of online platforms.
Businesses have been urged to take cybersecurity seriously. Experts warn that a single cyber attack can take a company offline, endanger customer data and in some cases lead to the collapse of the business. As such, it is imperative that businesses maintain adequate cybersecurity policies, conduct regular security tests and implement best practices around password protection, software updates and patching. Regular training programs for employees can also help to minimize risks of human error that can lead to security breaches.
In conclusion, the disclosure of a zero-day vulnerability at Barracuda Networks highlights the risks of cyber attacks faced by businesses. While the extent of the breach remains unknown, it is clear that the digital threat landscape is rapidly evolving and that businesses that fail to prioritize cybersecurity expose themselves to significant risks.