Barracuda vulnerability has been exploited by hackers for months

June 1, 2023

A zero-day in Barracuda Networks' email software has been used by hackers to steal data for months.

Security firm Barracuda Networks last week fixed a vulnerability that had stayed under the radar for months. Present in its popular email software, the zero-day has been exploited by hackers since October last year to steal sensitive data from compromised systems.

The problem

The vulnerability, tracked as CVE-2023-2868, was used to install various forms of malware. It was caused by incomplete input validation of user-supplied .tar files.

It affected Barracuda Email Security Gateway versions 5.1.3.001 through 9.2.0.006, until Barracuda released a patch ten days ago. Last week, the company warned users that CVE-2023-2868 had been under investigation since the October attacks.

The culprit

The malware that has since been identified includes the packages Saltwater, Seaside and Seaspy.

Saltwater is a malicious module for the SMTP ("Simple Mail Transfer Protocol") daemon of Barracuda's Email Security Gateway application. This module creates a backdoor that can be used to download and upload files, execute commands, or deliver further attacker tooling.

Seaspy runs on Linux and Unix systems and can write various file formats to disk. This malware also creates a backdoor, one that masquerades as a legitimate Barracuda Networks service. Seaspy intercepts network packets and can be used for various actions. It is activated by a "magic packet" that only the attacker knows. Research revealed that the malware's code overlaps with that of cd00r, a publicly available backdoor.

Seaside is also a module for the Barracuda ESG's SMTP daemon, but it listens for commands that supply a command-and-control IP address and port, which it uses to initiate a reverse shell.

Remediation

Barracuda emphasized contacting support to verify that an ESG is up to date, or to install a new system if needed. The company also recommends ensuring that ESGs receive and apply required updates, patches and definitions, checking for logins from unknown IPs or from IPs the investigation identified as compromised, and rotating any credentials associated with an ESG.
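As an added example that is not from the article or from Barracuda, the following Python checks an ESG firmware version against the affected range named above and scans login records for the two conditions Barracuda lists (logins from unknown IPs and from investigation-flagged IPs). The log line shape, the admin allowlist and the flagged IP are constructed assumptions, not real indicators.

```python
# Added example, not Barracuda's or IT Daily's code. The version range comes
# from the article; the log format, allowlist and flagged IP are constructed.
from ipaddress import ip_address, ip_network

AFFECTED_MIN = (5, 1, 3, 1)   # 5.1.3.001, first affected version per the article
AFFECTED_MAX = (9, 2, 0, 6)   # 9.2.0.006, last affected version per the article

def parse_version(v: str) -> tuple:
    """Turn a dotted ESG version such as '9.2.0.006' into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))

def is_affected(version: str) -> bool:
    """True if the version falls inside the CVE-2023-2868 affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

# Constructed admin allowlist; a real one comes from your own network records.
ADMIN_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")]

# Constructed placeholder for IPs an investigation flagged (documentation range).
KNOWN_BAD = {"203.0.113.7"}

def suspicious_logins(log_lines):
    """Return (timestamp, user, ip, reason) for successful logins from unexpected sources.
    Assumed log line shape: '<ts> login user=<name> src=<ip> result=<ok|fail>'."""
    findings = []
    for line in log_lines:
        tokens = line.split()
        fields = dict(tok.split("=", 1) for tok in tokens[2:])
        ip = fields.get("src")
        if fields.get("result") != "ok" or ip is None:
            continue  # only successful logins matter for the rotation decision
        if ip in KNOWN_BAD:
            findings.append((tokens[0], fields["user"], ip, "investigation-flagged IP"))
        elif not any(ip_address(ip) in net for net in ADMIN_NETS):
            findings.append((tokens[0], fields["user"], ip, "login from unknown IP"))
    return findings

# Constructed sample records (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    "2023-05-20T10:11:12 login user=admin src=10.0.0.5 result=ok",
    "2023-05-20T10:15:40 login user=admin src=203.0.113.7 result=ok",
    "2023-05-20T11:02:03 login user=admin src=198.51.100.9 result=fail",
    "2023-05-21T02:44:19 login user=admin src=198.51.100.9 result=ok",
]

if __name__ == "__main__":
    print("9.2.0.006 affected:", is_affected("9.2.0.006"))
    for finding in suspicious_logins(SAMPLE_LOG):
        print(*finding)
```

Any login the scan reports is a reason to rotate the credentials associated with that ESG, as the advisory recommends.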

Barracuda integrated Amazon Security Lake into email security late last year, just months after it was acquired by private equity firm KKR.

Source: IT Daily
