Security News

New critical Citrix ADC and Gateway flaw exploited as zero-day
2023-07-18 18:00

Citrix today is alerting customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "Strongly urges" to install updated versions without delay. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.

New critical Citrix ADC and Gateway flaw exploited as zero-days
2023-07-18 18:00

Citrix today is alerting customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "Strongly urges" to install updated versions without delay. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.

Citrix ADC and Gateway zero-day actively exploited in attacks
2023-07-18 18:00

Citrix today is alerting customers of a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "Strongly urges" to install updated versions without delay. Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.

Barracuda working on fix for ongoing Email Gateway login issues
2023-07-07 15:19

Email and network security firm Barracuda is working to fix an ongoing issue that triggers invalid login errors and prevents Email Gateway Defense users from signing into their accounts. "We are investigating login problems seen by users and have identified the problem. We are working on fixing the issue with a tentative timeline for the fix to be released on or before July 14th," Barracuda says.

Chinese spies blamed for data-harvesting raids on Barracuda email gateways
2023-06-15 18:44

Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway devices globally as far back as October 2022, according to Mandiant. Mandiant, who has been working with Barracuda to investigate the exploit used and the malware subsequently deployed, today identified a China-based threat group it tracks as UNC4841, and said the snoops targeted a "Subset" of Barracuda ESG appliances across several regions and sectors.

Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
2023-06-15 14:56

A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic of China," Google-owned Mandiant said in a new report published today, describing the group as "Aggressive and skilled."

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
2023-06-14 08:33

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. WooCommerce Stripe Gateway allows e-commerce websites to directly accept various payment methods through Stripe's payment processing API. It boasts of over 900,000 active installations.

Barracuda Email Security Gateways bitten by data thieves
2023-05-31 18:15

A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants - for at least the past seven months. Barracuda said it discovered the bug, tracked as CVE-2023-2868, in its Email Security Gateway appliance on May 19 and pushed a patch to all of these products globally the following day.

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
2023-05-31 05:25

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868, has been actively exploited for at least seven months prior to its discovery.

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances
2023-05-26 04:04

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway appliances. "The vulnerability stems from incomplete input validation of a user-supplied.tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product."