Threat Actors Compromise Barracuda Email Security Appliances

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

Dark Reading Staff, Dark Reading

May 24, 2023

1 Min Read
concept photo of a shattered metal lock separating into pieces
Source: sdecoret via Adobe Stock Photo

Email and network security solutions company Barracuda Networks is warning customers that threat actors have targeted its email security gateway (ESG) appliances for compromise, by way of an email attachment scanning module.

The issue, discovered on May 19, has since been addressed through two security patches applied worldwide on May 20 and 21, though Barracuda still warned its customers on May 23 that some of the ESG appliances remain compromised. In its investigation, the company found that the vulnerability "resulted in unauthorized access to a subset of email gateway appliances," though its other products, such as the software-as-a-service (SaaS) email security services, were not affected.

Because the investigation was limited specifically to the ESG, the company encourages those that have been affected to assess their network environments to ensure that their other devices on the network have not also been compromised.

Barracuda continues to monitor the situation and users who have been impacted have been notified through ESG appliances of what their next steps should be.

"If a customer has not received notice from us via the ESG user interface," the company said, "we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take."

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights