Security News

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
2023-05-26 04:04

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances. "The vulnerability stems from incomplete input validation of a user-supplied.tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."

Barracuda warns of email gateways breached via zero-day flaw
2023-05-24 15:42

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway appliances were breached last week by targeting a now-patched zero-day vulnerability. While the flaw was patched over the weekend, Barracuda warned on Tuesday that some of its customers' ESG appliances were compromised by exploiting the now-patched security bug.

Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability
2022-12-14 04:40

The U.S. National Security Agency on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller and Gateway to take over affected systems. Successful exploitation requires that the Citrix ADC or Citrix Gateway appliance is configured as a SAML service provider or a SAML identity provider.

Hackers exploit critical Citrix ADC and Gateway zero day, patch now
2022-12-13 15:07

Citrix strongly urges admins to apply security updates for an 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. Citrix ADC and Citrix Gateway version 13.1 are not affected by CVE-2022-27518, so upgrading to it solves the security problem.

Citrix fixes critical ADC and Gateway zero-day exploited in attacks
2022-12-13 15:07

Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. Citrix is warning admins to install the latest update "As soon as possible" as the vulnerability is actively exploited in attacks.

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products
2022-11-10 10:26

Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller and Gateway that could be exploited to take control of affected systems.Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under specific configurations.

Citrix urges admins to patch critical ADC, Gateway auth bypass
2022-11-08 17:03

Citrix is urging customers to install security updates for a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway."Note that only appliances that are operating as a Gateway are affected by the first issue, which is rated as a Critical severity vulnerability," explains the Citrix security bulletin.

Are Secure Web Gateways Outdated?
2022-07-29 00:00

Businesses today are more than standalone organizations. They have complicated ecosystems with intersections between the corporation and their customers, suppliers, and partners.

Why your API gateway is not enough for API security?
2022-07-06 04:00

While API gateways play a vital role in API management and API delivery, they provide a variety of core functionality for API security. It might be tempting to adhere to API gateway alone to meet security objectives.

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
2022-05-31 11:38

ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. ChromeLoader is a pervasive and persistent browser hijacker that eventually manifests as a browser extension, modifying victims' Chrome settings and redirecting user traffic to advertisement websites.