Barracuda Networks has recently discovered two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, which were linked to the Spreadsheet::ParseExcel library. These vulnerabilities allowed threat actors to execute arbitrary code within the Barracuda Email Security Gateway Appliance (ESG) devices through malicious Excel email attachments. The first vulnerability, CVE-2023-7102, was investigated by the Barracuda security team in collaboration with Mandiant. It allowed threat actors to execute arbitrary code within the ESG appliance’s third-party library. Barracuda responded to the vulnerabilities by deploying a security update to all active ESGs, effectively addressing the vulnerabilities and protecting its users. The swift response demonstrated Barracuda’s commitment to fortifying its technology and staying ahead of state-sponsored threats. In addition to these vulnerabilities, Barracuda also identified new variants of SEASPY and SALTWATER malware on compromised ESG devices and deployed a patch to remediate compromised devices. The discovery and mitigation of these vulnerabilities highlight the importance of proactive cybersecurity measures in protecting devices and networks from exploitation.
Barracuda Vulnerabilities: A Proactive Response that Saves the Day!
Latest from Blog
TfL halts data feeds due to cyber-attack repercussions
TLDR: Transport for London is facing ongoing cyber-attack. They have cut live data feeds to travel apps and restricted access to online services. Transport for London (TfL) is currently dealing with the
Russian military hackers target US and global critical infrastructure
TLDR: Russian military hackers, specifically linked to GRU Unit 29155, are targeting critical infrastructure in the U.S. and globally through cyber attacks. The cyber actors aim to gather data for espionage, damage
Seattle’s south school district cancels Monday classes over cyberattack
TLDR: Highline Public Schools, a district south of Seattle, canceled classes on Monday due to a cyberattack. The district detected unauthorized activity on its technology systems and is working to restore and
Beware Iran cyber threat to US healthcare entities, federal agencies warn
TLDR: Federal agencies issue warning about Iran-based cyber threats targeting U.S. healthcare entities Main actors identified as “Pioneer Kitten” connected to the Government of Iran In a recent advisory issued by the
Code Blue Computing’s cybersecurity contest for nonprofits is now open
TLDR: Code Blue Computing has launched a cybersecurity contest for nonprofits called “Labor of Love” to provide a full cybersecurity makeover for one deserving nonprofit organization. The contest includes a comprehensive Cyber
2024’s Operation: US Army Special Forces Hackers on the Attack
TLDR: U.S. Army Special Forces hackers used disruptive cyber-tactics in Exercise Swift Response 2024 in Sweden. They hacked into Wi-Fi networks to gain access to target locations and control security systems. Article
Social Security hit hard: 272 million affected, you may be impacted
TLDR: A recent data leak exposed sensitive information of 272 million individuals, including Social Security Numbers. Hackers are selling the stolen data on black markets, posing risks of identity theft and fraud.
Catchy: Wicus Ross from Orange Cyberdefense Revealing Cyber Extortion Insights
TLDR: Orange Cyberdefense’s Wicus Ross discusses the cyber extortion trend, highlighting key insights from their report: Small businesses are four times more likely to be targeted by cyber attackers 75% of countries
FBI busts Russian and Kazakh nationals running dark web marketplace
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals TLDR: Key Points: FBI indict two individuals for managing dark web marketplace WWH Club Platform specialized in selling sensitive
Biden admin hypes AI promise for cyber defense strategies
TLDR: Key Points: White House considering a cybersecurity executive order focusing on AI Federal cybersecurity leaders see AI as a significant opportunity but also a major risk The Biden administration is looking