CVE-2023-2868
Published: 2023-05-24
Priority: P1 (96) · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability (remediation due 2023-06-16)
Exploited in the wild
EPSS: 86.96% (99.7th percentile)
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises from a failure to comprehensively sanitize the processing of .tar files (tape archives). Specifically, the appliance incompletely validates a user-supplied .tar file with respect to the names of the files contained within the archive. As a consequence, a remote attacker can format these file names in a particular manner that results in remote execution of a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch, which was automatically applied to all customer appliances.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barracuda | barracuda_email_security_gateway | >= 5.1.3.001 < 9.2.0.006 | 9.2.0.006 |
| barracuda | email_security_gateway_300_firmware | 5.1.3.001 – 9.2.0.006 | — |
| barracuda | email_security_gateway_400_firmware | 5.1.3.001 – 9.2.0.006 | — |
| barracuda | email_security_gateway_600_firmware | 5.1.3.001 – 9.2.0.006 | — |
| barracuda | email_security_gateway_800_firmware | 5.1.3.001 – 9.2.0.006 | — |
| barracuda | email_security_gateway_900_firmware | 5.1.3.001 – 9.2.0.006 | — |
Detection & IOCs (extracted from sources)
- Inspect TAR attachment filenames for backtick or shell metacharacter injection sequences; the vulnerability is triggered by specially crafted filenames within .tar archives processed by the ESG appliance via Perl's qx operator.
- Monitor Barracuda ESG appliances for unusual outbound traffic or unexpected process execution; exploitation was observed as early as October 2022, months before discovery.
- Check the ESG appliance UI for compromise notifications; Barracuda stated that appliances displaying a notification had indicators of compromise.
- Review the network and endpoint indicators released by Barracuda, covering activity back to at least October 2022, for signs of compromise by UNC4841 (a China-nexus threat actor).
- CISA published additional IoCs associated with exploitation of CVE-2023-2868; consult CISA advisories for supplementary network- and host-based indicators.
- The affected version range is 5.1.3.001 through 9.2.0.006 (appliance form factor only); SaaS email solutions were not impacted.
- Rotate all credentials connected to affected ESG appliances as part of incident response, in addition to device replacement.
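A defender-side check for the first detection bullet above, written as an added example here and not taken from the page or from Barracuda: it walks the raw ustar headers of a .tar attachment (rather than trusting a tar library that may skip or normalise odd headers) and flags member names that contain shell metacharacters. The archive it scans is constructed in memory with Python's tarfile module; the metacharacter set and the sample member names are assumptions.

```python
import io
import tarfile

BLOCK = 512
# Characters that change the meaning of a shell command line if a member name is
# interpolated into one (e.g. via Perl's qx). Quotes are included because the ET
# signatures on this page look for a quote adjacent to a backtick; expect some
# false positives on legitimate apostrophes and review those by hand.
SHELL_METACHARS = set("`$;|&<>()\n'\"")


def _field(hdr: bytes, off: int, length: int) -> str:
    """Return a NUL-terminated header field; latin-1 keeps every byte visible."""
    return hdr[off:off + length].split(b"\x00", 1)[0].decode("latin-1")


def iter_members(data: bytes):
    """Yield (name, size, typeflag) by walking the raw 512-byte ustar headers.

    The raw blocks are walked instead of trusting a tar library so that members
    a library would silently skip or normalise are still inspected. GNU long
    names (typeflag 'L') are resolved; pax extended headers are not decoded.
    """
    off = 0
    pending_longname = None
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == b"\x00" * BLOCK:  # end-of-archive marker
            return
        if not hdr[257:263].startswith(b"ustar"):
            raise ValueError(f"non-ustar header at offset {off}")
        # Octal size field; GNU base-256 sizes raise ValueError and are reported.
        size = int(_field(hdr, 124, 12).strip() or "0", 8)
        typeflag = hdr[156:157].decode("latin-1")
        name = _field(hdr, 0, 100)
        prefix = _field(hdr, 345, 155)
        if prefix:
            name = prefix + "/" + name
        body = data[off + BLOCK:off + BLOCK + size]
        if typeflag == "L":  # GNU long name: the real name is in this body
            pending_longname = body.split(b"\x00", 1)[0].decode("latin-1")
        else:
            if pending_longname is not None:
                name, pending_longname = pending_longname, None
            yield name, size, typeflag
        off += BLOCK + ((size + BLOCK - 1) // BLOCK) * BLOCK


def scan_tar(data: bytes) -> list:
    """Return one finding per member whose name contains a shell metacharacter.

    A malformed header is itself reported as a finding, since an archive the
    scanner cannot walk must not be treated as clean.
    """
    findings = []
    try:
        for name, size, typeflag in iter_members(data):
            bad = sorted(c for c in set(name) if c in SHELL_METACHARS)
            if bad:
                findings.append({"name": name, "chars": bad, "typeflag": typeflag})
    except ValueError as exc:
        findings.append({"name": None, "chars": [], "error": str(exc)})
    return findings


def build_sample_tar(names, gnu: bool = False) -> bytes:
    """Build a small in-memory .tar (constructed test data, not a real attachment)."""
    buf = io.BytesIO()
    fmt = tarfile.GNU_FORMAT if gnu else tarfile.USTAR_FORMAT
    with tarfile.open(fileobj=buf, mode="w", format=fmt) as tf:
        for n in names:
            payload = b"sample content"
            info = tarfile.TarInfo(name=n)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample: one clean member, one with a backtick pair in its name
# (an inert placeholder, not a command), one with a ';' separator.
SAMPLE_NAMES = ["invoice.pdf", "docs/report`PLACEHOLDER`.txt", "notes;x.txt"]
SAMPLE_TAR = build_sample_tar(SAMPLE_NAMES)

if __name__ == "__main__":
    for finding in scan_tar(SAMPLE_TAR):
        print(finding)
```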
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | 9.4 | CRITICAL | — |
| cisa | 9.8 | CRITICAL | — |
| vendor_redhat | 5.5 | MEDIUM | — |
Red Hat
kernel: net: fix net_dev_start_xmit trace event vs skb_transport_offset()
vendor_redhat · 2025-09-16 · CVSS 5.5 · CVE-2023-53312 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
net: fix net_dev_start_xmit trace event vs skb_transport_offset()
After blamed commit, we must be more careful about using
skb_transport_offset(), as reminded us by syzbot:
WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [inline]
WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14
Modules linked in:
CPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.30-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP:
CISA
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
cisa · 2023-05-26 · CVSS 9.8 · CVE-2023-2868 [CRITICAL] · CWE-20
Affected: Barracuda Networks Email Security Gateway (ESG) Appliance
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
Required Action: Apply updates per vendor instructions.
Notes: https://status.barracuda.com/incidents/34kx82j5n4q9; https://nvd.nist.gov/vuln/detail/CVE-2023-2868
Remediation Due Date: 2023-06-16
GHSA
GHSA-898g-hmh5-hrcr
ghsa_unreviewed · 2023-07-06 · CVE-2023-2868 [CRITICAL] · CWE-20
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product, affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises from a failure to comprehensively sanitize the processing of .tar files (tape archives). Specifically, the appliance incompletely validates a user-supplied .tar file with respect to the names of the files contained within the archive. As a consequence, a remote attacker can format these file names in a particular manner that results in remote execution of a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of the BNSF-36456 patch, which was automatically applied to all customer appliances.
VulnCheck
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
vulncheck · 2023 · CVSS 9.4 · CVE-2023-2868 [CRITICAL] · CWE-20
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
Affected: Barracuda Networks Email Security Gateway (ESG) Appliance
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://status.barracuda.com/incidents/34kx82j5n4q9; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cisa.gov/news-events/alerts/2023/06/15/barracuda-networks-releases-update-address-esg-vulnerability; https://cloud.google.com/blog/topics/threat-intelligence/barracuda-es
Suricata
ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M2
suricata · 2023-09-21 · CVSS 9.4 · CVE-2023-2868 [CRITICAL]
Rule: alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M2"; flow:established,to_server; file.data; content:"|60 27|"; content:"|75 73 74 61 72|"; distance:0; fast_pattern; content:"|27 60|"; within:500; reference:url,www.mandiant.com/resources/blog/barracuda-esg-exploited-globally; reference:cve,2023-2868; classtype:attempted-admin; sid:2048146; rev:3; metadata:affected_product Barracuda_ESG, attack_target SMTP_Server, created_at 2023_09_21, cve CVE_2023_2868, deployment Perimeter, deployment Internal, performance_impact Low, confidence Low, signature_severity Major, tag CISA_KEV, updated_at 20
Suricata
ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M1
suricata · 2023-06-15 · CVSS 9.4 · CVE-2023-2868 [CRITICAL]
Rule: alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M1"; flow:established,to_server; file.data; content:"|75 73 74 61 72|"; fast_pattern; content:"|27 60|"; distance:0; content:"|60 27|"; within:500; reference:url,www.mandiant.com/resources/blog/barracuda-esg-exploited-globally; reference:cve,2023-2868; classtype:attempted-admin; sid:2046280; rev:1; metadata:affected_product Barracuda_ESG, attack_target SMTP_Server, created_at 2023_06_15, cve CVE_2023_2868, deployment Perimeter, deployment Internal, performance_impact Low, confidence Low, signature_severity Major, tag CISA_KEV, tag Descripti
Rapid7
Metasploit Wrap-Up 03/27/2026
blogs_rapid7 · 2026-03-27 · CVSS 9.0 [CRITICAL]
## Better NTLM Relaying Functionality
This week’s release brings an improvement to the SMB NTLM relay server. In the past, its support has been expanded with modules for relaying to HTTP (ESC8), MSSQL and LDAP while still receiving connections over the humble SMB service. Prior to this release, clients required a key behavior in how they handled SMB’s STATUS_NETWORK_SESSION_EXPIRED error code in order to relay a single authentication attempt to multiple targets. Most clients other than Windows’ “net use” do not handle these errors and were thus incompatible with Metasploit’s SMB NTLM relaying capabilities. Now, when a single target is specified, Metasploit alters its relaying strategy to forward the Net-NTLM messages immediately, making it compatible with a broader range of clients includ
Bleepingcomputer
Stealthy 'Magic Packet' malware targets Juniper VPN gateways
blogs_bleepingcomputer · 2025-01-23 · Ionut Ilascu
A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a “magic packet” in the network traffic.
The J-magic attacks appear to target organizations in the semiconductor, energy, manufacturing (marine, solar panels, heavy machinery), and IT sectors.
## Challenge-protected reverse shell
The J-magic malware is a custom variant of the publicly available cd00r backdoor - a proof-of-concept that stays silent and passively monitors network traffic for a specific packet before opening a communication channel with the attacker.
According to researchers at Black Lotus Labs, Lumen’s threat resea
Bleepingcomputer
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
blogs_bleepingcomputer · 2024-11-12 · CVSS 10.0 [CRITICAL] · Sergiu Gatlan
The FBI, the NSA, and Five Eyes cybersecurity authorities have released a list of the top 15 routinely exploited vulnerabilities throughout last year, most of them first abused as zero-days.
A joint advisory published on Tuesday calls for organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks' exposure to potential attacks.
"In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets," the cybersecurity agencies warned.
"In 2023, the majority of the most frequently exploited vulnerabilities
Tenable
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
blogs_tenable · 2024-10-22
Bleepingcomputer
Barracuda fixes new ESG zero-day exploited by Chinese hackers
blogs_bleepingcomputer · 2023-12-27 · CVSS 9.4 · CVE-2023-7102 [CRITICAL] · Sergiu Gatlan
Network and email security firm Barracuda says it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers.
The company deployed a second wave of security updates a day later on already compromised ESG appliances where the attackers deployed SeaSpy and Saltwater malware.
Disclosed on Christmas Eve and tracked as CVE-2023-7102, the zero-day is due to a weakness in the Spreadsheet::ParseExcel third-party library used by the Amavis virus scanner running on Barracuda ESG appliances.
Attackers can exploit the flaw to execute arbitrary code on unpatched ESG appliances through parameter injection.
The company also filed the
Qualys
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
blogs_qualys · 2023-12-19
## Table of Contents
- 2023 Statistics
- 2023 Vulnerability Threat Landscape
- Top Vulnerability Types
- Key Insights
- Top MITRE ATT&CK Tactics & Techniques
- Most Active Threats
- Conclusion
As 2023 nears its end, it’s time to pause and reflect. It’s time to assess what worked and what didn’t, what caught our attention and caused disruption, and what went unnoticed. More importantly, we need to know what lessons we learned from 2023 so that we can do a better job of managing risk in the coming year. In line with this, the Qualys Threat Research Unit has prepared a comprehensive blog series to review the threat landscape in 2023.
Key Takeaways:
- Less than one percent of vulnerabilities contributed to the highest risk and were routinely exploited in the wild.
- 97 high-risk vulnerabilities, like
Tenable
Maximize Your Vulnerability Scan Value with Authenticated Scanning
blogs_tenable · 2023-11-30
Securelist
Advanced threat predictions for 2024
blogs_securelist · 2023-11-14
Table of Contents
- A review of last year’s predictions
  1. The rise of destructive attacks
  2. Mail servers become priority targets
  3. The next WannaCry
  4. APT targeting turns toward satellite technologies, producers and operators
  5. Hack-and-leak is the new black (and bleak)
  6. More APT groups will move from Cobalt Strike to other alternatives
  7. SIGINT-delivered malware
  8. Drone hacking!
- APT predictions for 2024
  - The rise of creative exploits for mobile, wearables and smart devices
  - Building new botnets with consumer and corporate software and appliances
  - Barriers to kernel-level code execution increasingly evaded (kernel rootkits hot again)
  - Growth in cyberattacks by state-sponsored actors
  - Hacktivism in cyber-warfare: the new normal in geopolitical conflicts
  - Supply chain attack
Securelist
Kaspersky Security Bulletin: APT predictions 2024
blogs_securelist · 2023-11-14 · Authors: GReAT
Table of Contents
- A review of last year’s predictions
- APT predictions for 2024
Advanced persistent threats (APTs) are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is often more at stake.
At Kaspersky’s Global Research and Analysis Team (GReAT), we monitor a number of APT groups, analyze trends and try to anticipate their future developments to keep ahead of the evolving threat landscape and keep our customers safe. In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come i
Wiz
Eight questions to measure vulnerability remediation "pain" | Wiz Blog
blogs_wiz · 2023-11-03
A few weeks ago I saw this tweet from Dr. Anton Chuvakin, where he asked which vulnerabilities in recent memory have inflicted the most pain to security teams. This was a good question, and it got me thinking: what actually makes a vulnerability “painful”?
Certainly the most obvious factor is a vulnerability’s severity, often determined by its CVSS score (which isn’t always a reliable metric but is arguably still very useful). If a severe vulnerability is exploited in an organization’s environment, the impact could be significant, and the harm caused to both the organization itself and its customers could be very bad. Beyond severity, there are also other various factors to consider that can help us determine whether a vulnerability is worth our time and effort.
However, putting aside
Qualys
Top 10 Exploited Vulnerabilities in 2023: Insights from the Qualys Survey | Qualys
blogs_qualys · 2023-09-26 · CVSS 7.8 [HIGH]
#### Table of Contents
- 7 Key Insights by the Qualys Threat Research Unit
- A Closer Look at the Top 10 Exploited Vulnerabilities of 2023
- Optimizing Risk Management with Qualys VMDR TruRiskDashboard
- Next Steps: Reduce Your Risk to the Top 10 Vulnerabilities with Qualys VMDR
- Additional Contributors:
The Qualys Threat Research Unit (TRU) has thoroughly analyzed vulnerabilities reported in 2023. Our comprehensive study assesses factors including weaponization status, existence in the CISA KEV, instances or usage of malware and ransomware, trending vulnerabilities, various scoring metrics, and recency of threats. Insights for the Top 10 vulnerabilities during 2023 are also based on evidence of exploitation, patch adoption rates, and the longevity of vulnerabilities.
## 7 Key Insights
Checkpoint
4th September – Threat Intelligence Report
blogs_checkpoint · 2023-09-04 · CVE-2023-36844
For the latest discoveries in cyber research for the week of 4th September, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The FBI announced operation ‘Duck Hunt’ dismantling the Qakbot (Qbot) malware operation that is active since at least 2008. Qakbot has been known to infect victims via spam emails with malicious attachments and links, while also serving as a platform for ransomware operators. It has impacted over 700,000 computers worldwi
Tenable
CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately
blogs_tenable · 2023-08-30 · CVSS 9.4 [CRITICAL]
Krebs
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
blogs_krebs · 2023-06-08 · CVSS 9.4 [CRITICAL]
It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.
The Barracuda Email Security Gateway (ESG) 900 appliance.
Campbell, Calif. based Barracuda said it hired incident response firm Mandiant on May 18 after receiving reports about unusual traffic originating from its Email Security Gateway (ESG) devices, which are designed to sit at t
Checkpoint
29th May – Threat Intelligence Report
blogs_checkpoint · 2023-05-29 · CVE-2023-2868
For the latest discoveries in cyber research for the week of 29th May, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The Cuba ransomware gang has claimed responsibility for the cyberattack on The Philadelphia Inquirer, the largest newspaper in Philadelphia. The newspaper was hit by ransomware on May 14th, leading its IT team to shut down computer systems to prevent further damage. The attack also temporarily disrupted the distribution of the prin
Recorded Future
Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
blogs_recorded_future · CVSS 8.0 [HIGH]
Editor's note: The following blog post originally appeared on Levi Gundert's Substack page.
At Recorded Future, we’re determined to iteratively answer the “So What? Now What?” (SW/NW) questions, which some intelligence professionals colloquially characterize as “actionability.” Insikt Group often engages in a “non-obvious second-order implications” (NOSOI) exercise to derive quality SWNW answers from geopolitical and cyber intelligence for business executives. NOSOI results vary (GPT-4 is good at “second-order” but less adept at “non-obvious”), and of course, “non-obvious” is a subjective label. Still, it’s a reasonable articulation of our goal, and we know it when we see it.
Toward an ex
Recorded Future
2025 Cloud Threat Hunting and Defense Landscape
blogs_recorded_future
## Executive Summary
Insikt Group has observed continued trends of growth and increased activity of threat actors leveraging and exploiting cloud infrastructure to broaden the number of victims they target and infect. Recent reporting across the observed incidents shows that cloud-focused threats are converging on a few consistent patterns, which serve as the main sections of this report:
- Exploitation and Misconfiguration
- Cloud Abuse
- Cloud Ransomware
- Credential Abuse, Account Takeover, and Unauthorized Access
- Third-Party Compromise
Across cases, initial access frequently comes from vulnerable or misconfigured services exposed to the internet — including application delivery controllers, monitoring dashboards, email security ga
arXiv
From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection
arxiv_fulltext · 2025-11-25
Sidahmed Benabderrahmane (corresponding author) and Talal Rahwan, New York University, NYUAD, Division of Science.
## Abstract
Advanced Persistent Threats (APT) pose a major cybersecurity challenge due to their stealth, persistence, and adaptability. Traditional machine learning detectors struggle with class imbalance, high-dimensional features, and scarce real-world traces. They often lack transferability—performing well in the training domain but degrading in novel attack scenarios. We propose a hybrid transfer framework that integrates Transfer Learning, Explainable AI (XAI), contrastive learnin
arXiv
CyGATE: Game-Theoretic Cyber Attack-Defense Engine for Patch Strategy Optimization
arxiv_fulltext · 2025-08-01
Yuning Jiang (1), Nay Oo (2), Qiaoran Meng (1), Lu Lin (1), Dusit Niyato (3), Zehui Xiong (4), Hoon Wei Lim (2), Biplab Sikdar (1)
(1) National University of Singapore, Singapore; (2) NCS Cyber Special Ops R&D, Singapore; (3) Nanyang Technological University, Singapore; (4) Queen's University Belfast, Belfast, UK
## Abstract
Modern cyber attacks unfold through multiple stages, requiring defenders to dynamically prioritize mitigations under uncertainty. While game-theoretic models capture attacker-defender interactions, existing approaches often rely on static assumptions and lack integration with real-time threat intelligence, limiting their adaptability. This paper presents CyGATE, a game-theoretic framework modeling attacker-defender inter
arXiv
Investigating the Temporal Dynamics of Cyber Threat Intelligence
arxiv_fulltext · 2024-12-26
Angel Kodituwakku, Clark Xu, Daniel Rogers, and David K. Ahn (Centripetal Networks, Reston, VA, USA); Errin W. Fulp (Department of Computer Science, Wake Forest University, Winston-Salem, NC, USA)
## Abstract
Indicators of Compromise (IoCs) play a crucial role in the rapid detection and mitigation of cyber threats. However, the existing body of literature lacks in-depth analytical studies on the temporal aspects of IoC publication, especially when considering up-to-date datasets related to Common Vulnerabilities and Exposures (CVEs). This paper addresses this gap by conducting an analysis of the timeliness and comprehensiveness of Cyber Threat Intelligence (CTI) pertaining to several
References
- https://status.barracuda.com/incidents/34kx82j5n4q9
- https://www.barracuda.com/company/legal/esg-vulnerability
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2868
Timeline
- 2023-05-24: Published
- 2023-05-26: Added to CISA KEV
- Exploited in the wild