Barracuda Email Gateway Breach: 5 Things To Know
The attacks exploited a ‘critical’ vulnerability in the company’s on-premises Email Security Gateway that has now been patched.
Full Impact Is Unknown
In its post disclosing the breach Tuesday, Barracuda said that some Email Security Gateway customers were impacted by a breach last week that exploited a zero-day vulnerability in the appliance. The cybersecurity vendor didn’t specify in the post how many customers were affected, and said in an email to CRN that it’s not sharing further details on that aspect at this point.
Barracuda said in the post that the vulnerability was discovered on May 19, and the company deployed a patch “to all ESG appliances worldwide” the following day. A second patch was deployed on May 21 to all Email Security Gateway appliances.
The investigation so far has found that the vulnerability “resulted in unauthorized access to a subset of email gateway appliances.” Affected customers have been notified, Barracuda said.
“If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take,” Barracuda said in an email to CRN Wednesday.