The FBI has warned owners of Barracuda Email Security Gateway (ESG) appliances the devices are likely undergoing attack by snoops linked to China, and removing the machines from service remains the safest course of action. The attackers are exploiting CVE-2023-2868, a critical remote command injection vulnerability that was discovered in May 2023, and was exploited as far back as October 2022. After Barracuda spot the bug on May 19, it pushed a patch the next day. In June, the supplier recommended replacing the appliances, even if they had been patched.

http://klse.i3investor.com/web/blog/detail/future_tech/2023-08-25-story-h-241841008-FBI_Who_was_going_around_hijacking_Barracuda_email_boxes_China_probably

#i3investor