Barracuda Email Gateway Breach: 5 Things To Know

May 24, 2023, 05:43 PM EDT

The attacks exploited a ‘critical’ vulnerability in the company’s on-premises Email Security Gateway that has now been patched.

Barracuda Customers Breached

While cybersecurity vendors are in business to protect organizations against hackers, sometimes the products that are supposed to do the protecting end up becoming the means utilized in a breach. One of the most widely felt cyberattack campaigns of 2023, for instance, was the series of attacks that leveraged a vulnerability in Fortra’s secure managed file transfer product, GoAnywhere.

Now, cybersecurity industry stalwart Barracuda has disclosed that it, too, has seen a product fall victim to an attack leveraging a zero-day vulnerability. The vulnerability in Barracuda’s Email Security Gateway appliance used by on-premises customers has now been patched, but not before an unspecified number of customers were breached. The breach was revealed by the Campbell, Calif.-based company on Tuesday, and as of this writing, further details have not been provided by the company beyond the initial disclosure. More details about the vulnerability itself, however, did appear online Wednesday, including that Google — in its capacity as a vulnerability numbering authority — has given a “critical” severity rating to the flaw in the Barracuda email security appliance.

What follows are five key things to know about the Barracuda Email Security Gateway breach.

Learn More: Cybersecurity | Current Threats | Application and Platform Security

Kyle Alspach

Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at kalspach@thechannelcompany.com.