Urgences 24 sur 7 – (888) 287-5858   Connexion au Portail TitanSupport    Contactez-nous      Blogue

Robotic fish

Credit: Bing Image Creator

Barracuda, a cybersecurity firm, has recently disclosed a critical vulnerability in their Email Security Gateway (ESG) appliances that has been actively exploited by threat actors in the wild since at least October 2022. This vulnerability, known as a remote command injection flaw, specifically targets a subset of devices running versions 5.1.3.001-9.2.0.006. The firm has identified that the vulnerability resides within a module responsible for conducting initial scans on attachments within incoming emails. Whilst initially addressable via a patch, the vendor is now urging its customers to replace the hardware appliances as they are unfixable.

The CVE-2023-2868 vulnerability is caused by a lack of thorough sanitization during the processing of .tar files. The issue arises from inadequate validation when handling email attached .tar files, specifically regarding the file names within the archive. This flaw enables a remote attacker to manipulate the file names in a specific format, allowing them to execute system commands remotely using Perl’s qx operator. The commands are executed with the privileges of the ESG product, exacerbating the potential impact of the attack.

The ramifications of exploiting CVE-2023-2868 can be severe. Once a threat actor gains control over the affected appliance, they can execute arbitrary commands with the application’s privileges. This scenario opens the floodgates to various malicious activities, including unauthorized access to sensitive data and the subsequent exfiltration of that data, manipulation of critical system settings, or even the complete and permanent compromise of the target system. The potential impact on organizations, both in terms of financial loss and reputational damage, cannot be understated. Noteworthy victims include the Australian Capital Territory government.

If you were affected by this exploit and are looking for alternatives, look no further than GoSecure Titan® Secure Email Gateway (SEG)! The first thing to take note is that the SEG platform is hosted: you no longer need/have the hassles and maintenance of an Email Gateway appliance.

In any industry, effective communication plays a crucial role in achieving success. Email remains the preferred tool for staying connected with customers and remote workforces. However, the challenge lies in the fact that email, while indispensable, also presents a significant vulnerability. With phishing accounting for 90% of data breaches and 85% of breaches involving human elements, email has become a primary target for attackers, leading to costly and disruptive downtime.

Although cloud email solutions offer basic security features, the rising volume and complexity of email attacks have cast doubts on the effectiveness and reliability of native solutions. Many businesses express dissatisfaction with the one-size-fits-all approach to email security, particularly those relying on Microsoft 365, with nearly 75% of them seeking additional protection.

To address these concerns, GoSecure Titan SEG provides dynamic adjustment to the ever-evolving email threat landscape, safeguarding your business from ransomware and downtime. Our comprehensive defense strategy combines machine learning, behavioral scanning, exploit prevention, signature-based detection, and structure heuristics. This powerful combination, bolstered by human analysis, offers unparalleled protection against phishing, business email compromise (BEC) attacks, spam, polymorphic malware, identity theft, account takeover, and other malicious or offensive content.

Once setup, GoSecure Titan SEG will run autonomously and requires little to no maintenance and management. If you were bitten by Barracuda and you are looking for a viable alternative, GoSecure Titan SEG is your answer. GoSecure will help you migrate your data and guide you every step of the way!

GoSecure Titan SEG Benefits:

  1. GoSecure Titan SEG utilizes our proprietary Cerberus containerization technology. The environment is isolated while the email message and email attachments are analyzed. The analysis is done in a secure environment, ensuring that potential risks are contained to prevent potential exploitation attempts from reaching the broader system. This approach guarantees maximum protection for sensitive data, networks, and user communication.
  2. GoSecure Titan SEG has full API support for configuration and quarantine access.
  3. GoSecure Titan SEG continuously monitors its network and components.
  4. GoSecure Titan SEG has many automated detections as well as humans that are analyzing mail and targeting threats before they become an issue.
  5. GoSecure Titan SEG has filtered more than 10 billion emails over the past 15 years since its launch.
  6. GoSecure Titan SEG has over 30,000 existing rules that block 14,313,398 malicious emails on average per month before it gets to your inbox.

Update: Mandiant has released a detailed technical analysis of CVE-2023-2868 and the indicators left by threat actors known to exploit this vulnerability. We strongly advise Barracuda customers to consult this reference.

Détection et réponse gérées et étendues GoSecure TitanMC (MXDR)

Détection et réponse gérées et étendues GoSecure TitanMC (MXDR) Fondation

Gestion des vulnérabilités en tant que service GoSecure TitanMC (VMaaS)

Surveillance des événements liés aux informations de sécurité gérée GoSecure TitanMC (SIEM gérée)

Défense du périmètre gérée GoSecure TitanMC (pare-feu)

Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)

Passerelle de messagerie sécurisée GoSecure TitanMC (SEG)

Modélisateur de menaces GoSecure TitanMC

Identity GoSecure TitanMC

Plateforme GoSecure TitanMC

Services de sécurité professionnels de GoSecure

Services de réponse aux incidents

Évaluation de la maturité de la sécurité

Services de confidentialité

Services PCI DSS

Services de piratage éthique

Opérations de sécurité

MicrosoftLogo

GoSecure MXDR pour Microsoft

Visibilité et réponse complètes au sein de votre environnement de sécurité Microsoft

CAS D'UTILISATION

Cyberrisques

Mesures de sécurité basées sur les risques

Sociétés de financement par capitaux propres

Prendre des décisions éclairées

Sécurité des données sensibles

Protéger les informations sensibles

Conformité en matière de cybersécurité

Respecter les obligations réglementaires

Cyberassurance

Une stratégie précieuse de gestion des risques

Rançongiciels

Combattre les rançongiciels grâce à une sécurité innovante

Attaques de type « zero-day »

Arrêter les exploits de type « zero-day » grâce à une protection avancée

Consolider, évoluer et prospérer

Prenez de l'avance et gagnez la course avec la Plateforme GoSecure TitanMC.

24/7 MXDR

Détection et réponse sur les terminaux GoSecure TitanMC (EDR)

Antivirus de nouvelle génération GoSecure TitanMC (NGAV)

Surveillance des événements liés aux informations de sécurité GoSecure TitanMC (SIEM)

Détection et réponse des boîtes de messagerie GoSecure TitanMC (IDR)

Intelligence GoSecure TitanMC

Notre SOC

Défense proactive, 24h/24, 7j/7

À PROPOS DE GOSECURE

GoSecure est un leader et un innovateur reconnu en matière de cybersécurité, pionnier de l'intégration de la détection des menaces au niveau des terminaux, du réseau et des courriels en un seul service de détection et réponse gérées et étendues (MXDR). Depuis plus de 20 ans, GoSecure aide ses clients à mieux comprendre leurs failles en matière de sécurité et à améliorer leurs risques organisationnels ainsi que leur maturité en matière de sécurité grâce aux solutions MXDR et aux services professionnels fournis par l'une des équipes les plus fiables et les plus compétentes de l'industrie.

CALENDRIER D’ÉVÉNEMENTS

DERNIER COMMUNIQUÉ DE PRESSE

BLOGUE GOSECURE

AVIS DE SÉCURITÉ

Urgences 24 sur 7 – (888) 287-5858