Subscribe

Barracuda asks customers to replace vulnerable Email Security Gateway

June 13, 2023

Barracuda Networks has informed customers to immediately decommission and replace any Email Security Gateway (ESG) appliances that may be affected by a critical security vulnerability. The vulnerability, which has been assigned the CVE-2023-2868 identifier, allows attackers to remotely execute arbitrary system commands on affected devices.

Barracuda estimates that approximately 5% of active ESG appliances worldwide are affected by the vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has also issued an advisory about the vulnerability and has urged organizations to take immediate action to mitigate the risk.

According to a report by Rapid7, malicious actors have been exploiting the CVE-2023-2868 vulnerability since November 2022. But Barracuda did not disclose the specific reason for its recommendation to replace affected ESG appliances instead of patching them.

The advisory also mentions several strains of malware, including Saltwater, SeaSpy, and Seaside, that were used to exploit the bug, granting hackers unauthorized access and the ability to carry out various actions on victim networks.

The sources for this piece include an article in TheRecord.

Top Stories

Apple reportedly taps Google Gemini and Nvidia Blackwell Chips for new Siri

Researchers warn AI coding agents can be manipulated through hidden skill files

Amazon shuts down internal AI leaderboard after employees found ways to game the system

Google CEO pushes back on ‘Google Zero’ fears 

Tesla insiders say they wouldn’t trust Full Self-Driving

Meta cuts jobs as it doubles down on AI

Related Articles

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

CISA exposed internal passwords and cloud keys in public repository

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

Canvas restores service after cyberattack disrupted schools and universities

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Security researcher finds extensive tracking and security concerns inside White House mobile app

May 6, 2026 The official White House mobile app for iOS and Android is facing scrutiny after a security researcher more...

Picture of TND Newsdesk

TND Newsdesk

Picture of TND Newsdesk

TND Newsdesk

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn