Endpoint/Device Security, Vulnerability Management

Immediate replacements urged for compromised Barracuda ESG appliances

Organizations whose Barracuda Email Security Gateway appliances were compromised through an already-addressed zero-day vulnerability, tracked as CVE-2023-2868, have been warned by Barracuda Networks to immediately replace the affected appliances, BleepingComputer reports. "Impacted ESG appliances must be immediately replaced regardless of patch version level. Barracuda's remediation recommendation at this time is full replacement of the impacted ESG," said Barracuda, which did not provide more details on the reason behind the need for total ESG replacement. Analysis by Barracuda revealed that the security flaw, which was patched on May 20, had been leveraged by attackers since October to compromise certain ESG appliances with the Saltwater malware. Threat actors have also deployed the malicious SeaSide tool to enable reverse shells through SMTP HELO/EHLO commands, with the compromise enabling data exfiltration efforts. The flaw has also been added by the Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities catalog.
