Tuesday , November 12 2024

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The FBI has issued a warning stating that even after being patched against a critical flaw, Barracuda Networks Email Security Gateway (ESG) appliances are still vulnerable to potential compromise by suspected Chinese hacking groups.

It said that the fixes were not effective and that it still sees intrusions and considers all affected Barracuda ESG devices to be compromised and vulnerable to this attack.

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...
Read More
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Cyberattack Disrupts Israel’s Gas and Payment Systems

A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...
Read More
Cyberattack Disrupts Israel’s Gas and Payment Systems

Russia blocks thousands websites using Cloudflare’s privacy service

Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Read More
Russia blocks thousands websites using Cloudflare’s privacy service

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...
Read More
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....
Read More
Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

CISA alerts active exploitation of Palo Alto networks vuln

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...
Read More
CISA alerts active exploitation of Palo Alto networks vuln

Critical bug in Cisco UWRB access points to run commands as root

Cisco has fixed a critical vulnerability, CVE-2024-20418, that allowed unauthenticated remote attackers to gain root access on Ultra-Reliable Wireless Backhaul...
Read More
Critical bug in Cisco UWRB access points to run commands as root

“ToxicPanda” banking trojan from Asia hit Europe and LATAM

In late October 2024, Cleafy’s Threat Intelligence team noticed a surge in a new Android malware known as TgToxic. However,...
Read More
“ToxicPanda” banking trojan from Asia hit Europe and LATAM

(CVE–2023-46747)
Hacker exploit Critical F5 BIG -IP Vulnerability in Bangladesh: CIRT report

Cyber Threat Intelligence Unit of BGD e-GOV CIRT found evidence of compromise linked to the vulnerability in F5 BIG-IP systems...
Read More
(CVE–2023-46747)  Hacker exploit Critical F5 BIG -IP Vulnerability in Bangladesh: CIRT report

ALSO READ:

WinRAR zero-day exploited since April to hack trading accounts

CVE-2023-2868 is a zero-day bug that was tracked with a CVSS score of 9.8. It was discovered to have been weaponized in October 2022, more than seven months before it was fixed. Mandiant, owned by Google, is diligently monitoring the China-nexus activity cluster known as UNC4841.

With the presence of a remote command injection vulnerability in versions 5.1.3.001 through 9.2.0.006, unauthorized individuals can gain administrator privileges and execute system commands on the ESG product.

The observed attacks have shown that a successful breach serves as a gateway to unleash numerous malware strains, including SALTWATER, SEASIDE, SEASPY, SANDBAR, SEASPRAY, SKIPJACK, WHIRLPOOL, and SUBMARINE (also known as DEPTHCHARGE). These strains enable the execution of any commands and effectively evade defense mechanisms.

The FBI stated that cyber actors used a vulnerability to add harmful payloads to the ESG appliance. These payloads had various capabilities like persistent access, email scanning, credential harvesting, and data exfiltration.

The threat intelligence company has identified UNC4841 as an aggressive and highly skilled group, showcasing a remarkable ability to adapt their custom tools and employ advanced tactics to maintain control over high-value targets with remarkable persistence.

The federal agency strongly advises customers to immediately isolate and replace all affected ESG devices. It is also crucial to conduct thorough network scans to identify any suspicious outgoing traffic.

Check Also

CISA

CISA Launches Its First Ever International Strategic Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan …

Leave a Reply

Your email address will not be published. Required fields are marked *