The URL should have given away that things were serious.
And then there was the very keen attempt to underline the firm’s commitment to securing your data… they definitely didn’t want you to miss that.
We are committed to securing your data
The big friendly letters reminded me – rather aptly – of the famous words “Don’t panic!” on the front of the “HitchHiker’s Guide to the Galaxy”…
But if you were feeling a sense of panic, I probably couldn’t blame you, because security firm Barracuda Networks is warning people of a security vulnerability in its Email Security Gateway (ESG) appliance.
But more than that, Barracuda is taking the unusual step for a network security vendor of telling its customers to physically remove and decommission its hardware.
ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now ([email protected]).
Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG.
That’s right. Barracuda is not telling you to apply a patch to the appliance that scans your incoming and outgoing email for malware. They want you to rip it out and replace it instead.
Clearly hackers have managed to exploit security vulnerabilities on the Barracuda Email Security Gateway appliance to such an extent that any patch simply isn’t up to the job of kicking them out.
There are likely to be 10,000+ Barracuda ESG appliances in use around the world. And it appears malicious exploitation of vulnerable Barracuda ESG appliances has been taking place since at least October 2022.
No wonder Barracuda is getting some legal advice on how to communicate this to its customers.