The recently disclosed vulnerability affecting Barracuda Email Security Gateway (ESG) appliances has been exploited as a zero-day to target government, high-tech and IT organizations, according to Mandiant.
The ESG vulnerability, tracked as CVE-2023-7102, is an arbitrary code execution flaw impacting ‘Spreadsheet::ParseExcel’, an open source library used by ESG devices to check Excel email attachments for malware.
Attackers can plant malicious code inside a specially crafted Excel file and send it as an attachment to the targeted organization. The malicious code is executed without any user interaction when the ESG appliance scans the email, enabling the attackers to gain access to systems and steal valuable data.
[...]
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
-
rbc
- President
- Posts: 291
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ
Robert B. Carleton + ISC2 Central Mississippi President