"Barracuda ESG Zero-Day Exploit Hits Australia's ACT Government"

The Australian Capital Territory (ACT) Government is among an estimated 5 percent of Barracuda Networks' Email Security Gateway (ESG) customers who have been instructed to remove and replace their appliances due to a zero-day flaw compromise. Barracuda Networks disclosed the critical vulnerability on May 19 and patched impacted ESG appliances the next day, but the vendor recently warned those whose appliances had been compromised by the remote command injection vulnerability to replace their compromised appliances immediately. The ACT government rebuilt its Barracuda system after discovering the vulnerability and determining that malicious hackers had exploited it. According to Chris Steel, the Digital and Data Special Minister of State for the ACT Government, there was a "strong likelihood" that data had been stolen. However, they are currently unaware of any information that may have been accessed on ACT Government systems and made available on the dark web. The ACT Government administers the federal territory of Australia, which is home to the country's capital city, Canberra. Its ESG service was linked to the government's main citizen-facing transaction portal, health services, and more. This article continues to discuss the impact of the Barracuda ESG zero-day bug on the ACT Government. 

SC Media reports "Barracuda ESG Zero-Day Exploit Hits Australia's ACT Government"