ACT government investigating Barracuda exploitation

“Harms assessment” under way.

The ACT government is the first in Australia to go public with its exposure to the Barracuda email security gateway (ESG) vulnerability.

Last week, Barracuda announced that its email security gateway appliances were vulnerable and needed to be replaced, even though patches had been issued for the command injection vulnerability, CVE-2023-2868.

On June 8, the ACT government announced that it had investigated Barracuda’s announcement, and discovered that it operated vulnerable ESG appliances.

“The potential vulnerability was detected as being present and the ACT Cyber Security Centre immediately completed a rebuild of the impacted Barracuda system to eliminate any ongoing vulnerability,” the government said.

“The investigation has now identified that a breach has occurred and a harms assessment is underway to fully understand the impact specific to our systems, and importantly to the data that may have been accessed.”

Barracuda’s security advisory for CVE-2023-2868 said the bug was “incomplete input validation of user supplied .tar [tape archive format] files as it pertains to the names of the files contained within the archive.”

The bug permits remote command execution on the ESG appliances and has been exploited in the wild, with evidence of data exfiltration and of malware planted on the appliances.
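As an added illustration (not code from Barracuda's advisory or from this article), the Python example below reads only the member names of a .tar attachment and flags any that contain shell metacharacters, which is the kind of file-name validation the advisory describes as incomplete. The character set, function names and sample archive are assumptions constructed for the example.

```python
import io
import re
import tarfile

# Characters a POSIX shell treats specially. Flagging all of them is an
# assumed policy for this example, not a rule taken from the advisory.
SHELL_META = re.compile(r"[`$;&|<>(){}\\'\"\n\r*?!~\[\]]")


def suspicious_members(tar_bytes: bytes) -> list[str]:
    """Return member names that contain shell metacharacters.

    Only the archive headers are read; nothing is extracted to disk and
    no name is ever handed to a shell.
    """
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as archive:
        for member in archive:
            if SHELL_META.search(member.name):
                flagged.append(member.name)
    return flagged


def build_sample(names: list[str]) -> bytes:
    """Build an in-memory tar holding one small file per name (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        for name in names:
            data = b"placeholder"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: two ordinary names and one wrapping an inert marker
# in backticks, which a shell would treat as command substitution.
SAMPLE = build_sample(["report.txt", "notes/readme.md", "invoice`MARKER`.txt"])

if __name__ == "__main__":
    for name in suspicious_members(SAMPLE):
        print("suspicious member name:", repr(name))
```

A mail-scanning pipeline would quarantine a flagged attachment; independently of this check, member names should only ever be passed to other programs as discrete arguments, never interpolated into a shell command string.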

Hackers have deployed SALTWATER, a trojanised module for the Barracuda simple mail transfer protocol daemon (bsmtpd), as well as SEASPY, a packet capture filter that also provides remote access.

Barracuda has called in Mandiant to help it investigate the vulnerability.

Copyright © iTnews.com.au. All rights reserved.