Sergiu Gatlan reports:
Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data.
The company says an ongoing investigation found that the bug (tracked as CVE-2023-2868) was first exploited in October 2022 to gain access to “a subset of ESG appliances” and deploy backdoors designed to provide the attackers with persistent access to the compromised systems.
Read more at BleepingComputer.