Threat Actors Compromise Barracuda Email Security Appliances

The company's ESG appliances were breached, but their other services remain unaffected by the compromise.

Email and network security solutions company Barracuda Networks is warning customers that threat actors have targeted its email security gateway (ESG) appliances for compromise, by way of an email attachment scanning module.

The issue, discovered on May 19, has since been addressed through two security patches applied worldwide on May 20 and 21, though Barracuda still warned its customers on May 23 that some of the ESG appliances remain compromised. In its investigation, the company found that the vulnerability "resulted in unauthorized access to a subset of email gateway appliances," though its other products, such as the software-as-a-service (SaaS) email security services, were not affected.

Because the investigation was limited specifically to the ESG, the company encourages those that have been affected to assess their network environments to ...