The URL ought to have given away that issues had been critical.
https://www.barracuda.com/company/authorized/esg-vulnerability
And then there was the very eager try to underline the agency’s dedication to securing your information… they positively didn’t need you to overlook that.
We are dedicated to securing your information
The large pleasant letters jogged my memory – relatively aptly – of the well-known phrases “Don’t panic!” on the entrance of the “HitchHiker’s Guide to the Galaxy”…
But in the event you had been feeling a way of panic, I most likely couldn’t blame you, as a result of safety agency Barracuda Networks is warning folks of a safety vulnerability in its Email Security Gateway (ESG) equipment.
But greater than that, Barracuda is taking the weird step for a community safety vendor of telling its clients to bodily take away and decommission its {hardware}.
ACTION NOTICE: Impacted ESG home equipment should be instantly changed no matter patch model degree. If you haven’t changed your equipment after receiving discover in your UI, contact assist now ([email protected]).
Barracuda’s remediation advice right now is full alternative of the impacted ESG.
That’s proper. Barracuda is just not telling you to use a patch to the equipment that scans your incoming and outgoing e mail for malware. They need you to tear it out and change it as a substitute.
Clearly hackers have managed to use safety vulnerabilities on the Barracuda Email Security Gateway equipment to such an extent that any patch merely isn’t as much as the job of kicking them out.
There are more likely to be 10,000+ Barracuda ESG home equipment in use world wide. And it seems malicious exploitation of susceptible Barracuda ESG home equipment has been going down since not less than October 2022.
No surprise Barracuda is getting some authorized recommendation on methods to talk this to its clients.
“Don’t panic?”
Found this text fascinating? Follow Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we put up.