Barracuda warns of a zero-day bug in the email portal

Barracuda, a provider of email and network security solutions, has warned customers that some of its Email Security Gateway (ESG) devices were breached last week through a zero-day vulnerability that has since been patched. On Friday, the 19th, the company discovered a flaw in the email attachment validation module. The issue was resolved with two security patches on the 20th and 21st.

While the flaw was patched over the weekend, Barracuda warned on Tuesday that some of its ESG customers’ devices had been compromised using a security flaw that has now been fixed. “Based on our investigation to date, we have determined that the vulnerability resulted in unauthorized access to an email gateway subsystem,” the company said.

“Users whose devices we believe were affected were notified via the ESG user interface of the actions to be taken,” Barracuda said, noting that it has also reached out to those specific customers.

The company’s other products, including SaaS email security services, were not affected by this issue.

The company said its investigation is limited to the ESG product and does not extend to customers' corporate networks. It therefore advises affected organizations to review their environments to ensure that threat actors have not spread to other devices on the network. “If the customer has not received a notification from us through the ESG user interface, we have no reason to believe that their environment is compromised at this time and there is no action for the customer to take,” said Barracuda.

The security solutions provider also addressed a login issue affecting Email Gateway Defense (EGD) devices and an error in a scoring algorithm that caused customer emails to be blocked incorrectly. Barracuda says its enterprise-grade security solutions are now used by more than 200,000 organizations worldwide, including Samsung, Mitsubishi, Kraft Heinz, Delta Airlines and others.