Updated: Jul 11
Network security vendor Barracuda Networks is urging customers to replace its Email Security Gateway (ESG) devices rather than patching them due to a zero-day vulnerability and a sprawling malware threat. The advisory has been posted to the company’s website.
Barracuda initially issued a patch for the vulnerability, which affected its ESG appliances responsible for scanning incoming and outgoing emails for malware.
However, the company later discovered evidence of data exfiltration and persistent backdoor access on some systems. As a result, Barracuda is now recommending the wholesale replacement of affected ESG appliances. Experts believe that the malware compromised the firmware, making it difficult to remove and indicating the involvement of a state actor. Barracuda customers are advised to rotate credentials and check for signs of compromise since October 2022.
For questions or support, contact us at: 1 (866) 803-0700