Barracuda, a provider of email protection and network security services, has warned users of a zero-day flaw that has been exploited to breach its Email Security Gateway (ESG) appliances. The vulnerability, tracked as CVE-2023-2868, affects versions 5.1.3.001 through 9.2.0.006 and stems from inadequate sanitization when processing .tar files (tape archives). This allows a remote attacker to execute system commands, via Perl’s qx operator, with the privileges of the Email Security Gateway product.
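A defensive check for the class of flaw described above, as an added example that is not code from Barracuda or from the original article: it reads the member names of a .tar attachment without extracting anything and flags names that would be unsafe to interpolate into a shell command such as one run through Perl's qx. Treating member names as the unsanitized input is an assumption of this example, `suspicious_members` and `build_sample` are hypothetical names, and the sample archive is constructed.

```python
import io
import tarfile

# Characters that a shell (and so Perl's qx// or backticks) treats specially.
# Assumption of this example: archive member names are the untrusted input.
SHELL_META = set("`$;|&<>(){}[]*?!~\\'\"\n\r")


def suspicious_members(tar_bytes):
    """Return [(name, reasons)] for members whose names must never reach a shell."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:  # walks the headers only; nothing is extracted
            reasons = []
            if SHELL_META & set(member.name):
                reasons.append("shell metacharacter")
            if member.name.startswith("/") or ".." in member.name.split("/"):
                reasons.append("path escapes extraction directory")
            if reasons:
                findings.append((member.name, reasons))
    return findings


def build_sample(names):
    """Build an in-memory tar of empty files with the given names (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name=name)
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one benign name and three that should be flagged.
    sample = build_sample([
        "report.pdf",
        "notes `echo constructed`.txt",
        "../etc/job",
        "a;b.txt",
    ])
    for name, reasons in suspicious_members(sample):
        print(f"{name!r}: {', '.join(reasons)}")
```

A gateway or mail filter could quarantine any archive for which this returns findings; the durable fix on the processing side is to pass file names as arguments to a list-form process call rather than building a shell string.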
The company identified the issue on May 19, 2023 and released a patch the following day, with a second patch released on May 21. Evidence of active exploitation has been found, resulting in unauthorized access to some email gateway appliances. The scale of the attack is unknown, but affected users have been contacted with a list of remedial actions to take and have been urged to review their environments.
The threat actors behind the attack are still unidentified, but Chinese and Russian hacking groups have been seen deploying custom malware on vulnerable Cisco, Fortinet, and SonicWall devices in recent months. Additionally, large-scale exploitation of a cross-site scripting (XSS) flaw in the Beautiful Cookie Consent Banner plugin (CVSS score: 7.2) has been reported, allowing unauthenticated attackers to inject malicious JavaScript into a website. Defiant, a WordPress security company, has blocked nearly 3 million attacks against more than 1.5 million sites since May 23, 2023, and the attacks are ongoing.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.