Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Barracuda Email Security Gateway Suffers Zero Day Attacks

May 31, 2023

Since October 2022, Barracuda Email Security Gateway (ESG) appliances have been under active exploitation to install multiple pieces of malware designed to steal data, as reported by Ars Technica. The device is compromised by user-provided tar files that are formatted in a particular way. The attackers can then use the vulnerability to extract data from the infected networks. The vulnerability impacts Barracuda Email Security Gateway versions 5.1.3.001 through 9.2.0.006. Barracuda issued a patch several days ago to fix the problem. If you have an impacted device in your environment, Barracuda has recommended the following actions.

  1. Ensure your ESG appliance is receiving and applying updates, definitions, and security patches from Barracuda. Contact Barracuda support to validate if the appliance is up to date.
  2. Discontinue the use of the compromised ESG appliance and contact Barracuda support to obtain a new ESG virtual or hardware appliance.
  3. Rotate any applicable credentials connected to the ESG appliance:
    • Any connected LDAP/AD
    • Barracuda Cloud Control
    • FTP Server
    • SMB
    • Any private TLS certificates
  4. Review your network logs for any of the [indicators of compromise] and any unknown IPs. Contact if any are identified.

Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com