"FBI: Unplug Exploited Barracuda ESG Appliances Now"
The FBI has advised Barracuda customers who are still using the vendor's vulnerable Email Security Gateway (ESG) to remove the appliance from operation. Many of the appliances were hit in a zero-day attack discovered in May. The attack was attributed to a previously unknown China-linked threat group, dubbed UNC4841 by Mandiant. Barracuda released patches for the critical remote command injection vulnerability, tracked as CVE-2023-2868, and informed customers that compromised appliances would be replaced. However, the FBI's Cyber Division has upped the ante, emphasizing in a flash advisory that "Barracuda customers should remove all ESG appliances immediately" because "the patches released by Barracuda in response to this CVE were ineffective." The FBI noted that it had independently confirmed that all exploited ESG appliances, including those with patches issued by Barracuda, remain vulnerable to computer network compromise by PRC (People's Republic of China) cyber actors suspected of exploiting this vulnerability. This article continues to discuss the FBI's warning about Barracuda ESG appliances.
SC Media reports "FBI: Unplug Exploited Barracuda ESG Appliances Now"