Barracuda warns of e-mail gateways breached by way of zero-day flaw



Barracuda, an organization recognized for its e-mail and community safety options, warned prospects at the moment that a few of their E mail Safety Gateway (ESG) home equipment had been breached final week by concentrating on a now-patched zero-day vulnerability.

On Friday, Might 19, a vulnerability was found within the e-mail attachment scanning module. The problem was addressed by making use of two safety patches on Might 20 and 21.

Whereas the flaw was patched over the weekend, Barracuda warned on Tuesday that a few of its prospects’ ESG home equipment had been compromised by exploiting the now-patched safety bug.

“Primarily based on our investigation up to now, we have recognized that the vulnerability resulted in unauthorized entry to a subset of e-mail gateway home equipment,” the corporate stated.

“Customers whose home equipment we consider had been impacted have been notified by way of the ESG consumer interface of actions to take. Barracuda has additionally reached out to those particular prospects.

The corporate’s different merchandise, together with SaaS e-mail safety providers, had been unaffected by this vulnerability.

Prospects requested to verify networks for intrusions

Barracuda stated the investigation was restricted to its ESG product and never the shoppers’ company networks. Due to this fact, the corporate advises impacted organizations to evaluation their environments to substantiate the risk actors didn’t unfold to different units on the community.

“If a buyer has not obtained discover from us by way of the ESG consumer interface, we have now no cause to consider their setting has been impacted right now and there are not any actions for the client to take,” Barracuda informed BleepingComputer.

A spokesperson for Barracuda did not reply to a subsequent e-mail asking for extra particulars concerning the variety of affected prospects or if their knowledge was impacted after their ESG home equipment had been breached.

At the moment, Barracuda additionally addressed a login challenge affecting E mail Gateway Protection (EGD) home equipment and a buggy spam scoring rule that led to buyer emails being blocked incorrectly.

Barracuda says its enterprise-grade safety options are actually utilized by over 200,000 organizations worldwide, together with Samsung, Mitsubishi, Kraft Heinz, Delta Airways, and different high-profile corporations.