Robotic fish

Credit: Bing Image Creator

Barracuda, a cybersecurity firm, has recently disclosed a critical vulnerability in their Email Security Gateway (ESG) appliances that has been actively exploited by threat actors in the wild since at least October 2022. This vulnerability, known as a remote command injection flaw, specifically targets a subset of devices running versions 5.1.3.001-9.2.0.006. The firm has identified that the vulnerability resides within a module responsible for conducting initial scans on attachments within incoming emails. Whilst initially addressable via a patch, the vendor is now urging its customers to replace the hardware appliances as they are unfixable.

The CVE-2023-2868 vulnerability is caused by a lack of thorough sanitization during the processing of .tar files. The issue arises from inadequate validation when handling email attached .tar files, specifically regarding the file names within the archive. This flaw enables a remote attacker to manipulate the file names in a specific format, allowing them to execute system commands remotely using Perl’s qx operator. The commands are executed with the privileges of the ESG product, exacerbating the potential impact of the attack.

The ramifications of exploiting CVE-2023-2868 can be severe. Once a threat actor gains control over the affected appliance, they can execute arbitrary commands with the application’s privileges. This scenario opens the floodgates to various malicious activities, including unauthorized access to sensitive data and the subsequent exfiltration of that data, manipulation of critical system settings, or even the complete and permanent compromise of the target system. The potential impact on organizations, both in terms of financial loss and reputational damage, cannot be understated. Noteworthy victims include the Australian Capital Territory government.

If you were affected by this exploit and are looking for alternatives, look no further than GoSecure Titan® Secure Email Gateway (SEG)! The first thing to take note is that the SEG platform is hosted: you no longer need/have the hassles and maintenance of an Email Gateway appliance.

In any industry, effective communication plays a crucial role in achieving success. Email remains the preferred tool for staying connected with customers and remote workforces. However, the challenge lies in the fact that email, while indispensable, also presents a significant vulnerability. With phishing accounting for 90% of data breaches and 85% of breaches involving human elements, email has become a primary target for attackers, leading to costly and disruptive downtime.

Although cloud email solutions offer basic security features, the rising volume and complexity of email attacks have cast doubts on the effectiveness and reliability of native solutions. Many businesses express dissatisfaction with the one-size-fits-all approach to email security, particularly those relying on Microsoft 365, with nearly 75% of them seeking additional protection.

To address these concerns, GoSecure Titan SEG provides dynamic adjustment to the ever-evolving email threat landscape, safeguarding your business from ransomware and downtime. Our comprehensive defense strategy combines machine learning, behavioral scanning, exploit prevention, signature-based detection, and structure heuristics. This powerful combination, bolstered by human analysis, offers unparalleled protection against phishing, business email compromise (BEC) attacks, spam, polymorphic malware, identity theft, account takeover, and other malicious or offensive content.

Once setup, GoSecure Titan SEG will run autonomously and requires little to no maintenance and management. If you were bitten by Barracuda and you are looking for a viable alternative, GoSecure Titan SEG is your answer. GoSecure will help you migrate your data and guide you every step of the way!

GoSecure Titan SEG Benefits:

  1. GoSecure Titan SEG utilizes our proprietary Cerberus containerization technology. The environment is isolated while the email message and email attachments are analyzed. The analysis is done in a secure environment, ensuring that potential risks are contained to prevent potential exploitation attempts from reaching the broader system. This approach guarantees maximum protection for sensitive data, networks, and user communication.
  2. GoSecure Titan SEG has full API support for configuration and quarantine access.
  3. GoSecure Titan SEG continuously monitors its network and components.
  4. GoSecure Titan SEG has many automated detections as well as humans that are analyzing mail and targeting threats before they become an issue.
  5. GoSecure Titan SEG has filtered more than 10 billion emails over the past 15 years since its launch.
  6. GoSecure Titan SEG has over 30,000 existing rules that block 14,313,398 malicious emails on average per month before it gets to your inbox.

Update: Mandiant has released a detailed technical analysis of CVE-2023-2868 and the indicators left by threat actors known to exploit this vulnerability. We strongly advise Barracuda customers to consult this reference.

GoSecure Titan® Managed Extended Detection & Response (MXDR)​

GoSecure Titan® Managed Extended Detection & Response (MXDR)​ Foundation

GoSecure Titan® Vulnerability Management as a Service (VMaaS)

GoSecure Titan® Managed Security Information & Event Monitoring (SIEM)

GoSecure Titan® Managed Perimeter Defense​ (MPD)

GoSecure Titan® Inbox Detection and Response (IDR)

GoSecure Titan® Platform

GoSecure Professional Security Services

Incident Response Services

Security Maturity Assessment

Privacy Services

PCI DSS Services

Penetration Testing Services​

Security Operations

MicrosoftLogo

GoSecure MXDR for Microsoft

Comprehensive visibility and response within your Microsoft security environment

USE CASES

Cyber Risks

Risk-Based Security Measures

Sensitive Data Security

Safeguard sensitive information

Private Equity Firms

Make informed decisions

Cybersecurity Compliance

Fulfill regulatory obligations

Cyber Insurance

A valuable risk management strategy

Ransomware

Combat ransomware with innovative security

Zero-Day Attacks

Halt zero-day exploits with advanced protection

Consolidate, Evolve & Thrive

Get ahead and win the race with the GoSecure Titan® Platform

24/7 MXDR FOUNDATION

GoSecure Titan® Endpoint Detection and Response (EDR)

GoSecure Titan® Next Generation Antivirus (NGAV)

GoSecure Titan® Network Detection and Response (NDR)

GoSecure Titan® Inbox Detection and Reponse (IDR)

GoSecure Titan® Intelligence

ABOUT GOSECURE

GoSecure is a recognized cybersecurity leader and innovator, pioneering the integration of endpoint, network, and email threat detection into a single Managed Extended Detection and Response (MXDR) service. For over 20 years, GoSecure has been helping customers better understand their security gaps and improve their organizational risk and security maturity through MXDR and Professional Services solutions delivered by one of the most trusted and skilled teams in the industry.

LATEST PRESS RELEASE

GOSECURE BLOG

SECURITY ADVISORIES

24/7 Emergency – (888)-287-5858