all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Latest Zero-Day Vulnerabilities: UNC4841 Targets Barracuda ESG with CVE-2023-7102, Apache OFBiz Authentication Bypass (CVE-2023-51467)

Add to bookmarks
Dec. 28, 2023, 1:25 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

The UNC4841 group, linked to China, is targeting Barracuda Email Security Gateway (ESG) appliances again, exploiting a new zero-day vulnerability identified as CVE-2023-7102.


Investigations revealed that attackers, using specially crafted Excel files attached to emails, targeted a limited number of Barracuda ESG devices to deploy new variants of SeaSpy and SaltWater malware.


It is important to note that there is a publicly available Proof-of-Concept (PoC) exploit for this vulnerability, raising concerns about potential widespread impact.


Background of UNC4841 Attacks …

apache apache ofbiz attackers authentication authentication bypass barracuda barracuda esg bypass china cve deploy devices email emails email security email security gateway esg excel exploiting files gateway investigations latest security security gateway targeting unc4841 vulnerabilities vulnerability zero-day zero-day vulnerabilities zero-day vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

HPE security advisory (AV24-232) 55 minutes ago | malware.news
advisory article canadian canadian centre for cyber security +7
SonicWall security advisory (AV24-233) 55 minutes ago | malware.news
advisory article canadian canadian centre for cyber security +7
Critical infrastructure cyberattacks pushed NSA to unmask thousands of U.S. identities through spying law an hour ago | malware.news
act critical critical infrastructure cyberattacks +14
Change Healthcare incident caused by compromised Citrix credentials an hour ago | malware.news
article ceo change change healthcare +15
Stolen Citrix Credentials Led to Change Ransomware Attack 2 hours ago | malware.news
access attack authentication ceo +23
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN … 2 hours ago | malware.news
article chrome fcc ftc +9
Navigating the cybersecurity career maze 4 hours ago | malware.news
article career careers cyber +12
The Top 11 Legal Industry Cyber Attacks 4 hours ago | malware.news
addition attack attacks breach +13
Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response … 4 hours ago | malware.news
and response article business capabilities +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom
View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands
View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila
View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com
View more jobs