Barracuda Email Gateway Breach: 5 Things To Know
The attacks exploited a ‘critical’ vulnerability in the company’s on-premises Email Security Gateway that has now been patched.
Barracuda Customers Breached
While cybersecurity vendors are in business to protect organizations against hackers, sometimes the products that are supposed to do the protecting end up becoming the means utilized in a breach. One of the most widely felt cyberattack campaigns of 2023, for instance, was the series of attacks that leveraged a vulnerability in Fortra’s secure managed file transfer product, GoAnywhere.
Now, cybersecurity industry stalwart Barracuda has disclosed that it, too, has seen a product fall victim to an attack leveraging a zero-day vulnerability. The vulnerability in Barracuda’s Email Security Gateway appliance used by on-premises customers has now been patched, but not before an unspecified number of customers were breached. The breach was revealed by the Campbell, Calif.-based company on Tuesday, and as of this writing, further details have not been provided by the company beyond the initial disclosure. More details about the vulnerability itself, however, did appear online Wednesday, including that Google — in its capacity as a vulnerability numbering authority — has given a “critical” severity rating to the flaw in the Barracuda email security appliance.
What follows are five key things to know about the Barracuda Email Security Gateway breach.