all InfoSec news
Latest Zero-Day Vulnerabilities: UNC4841 Targets Barracuda ESG with CVE-2023-7102, Apache OFBiz Authentication Bypass (CVE-2023-51467)
Malware Analysis, News and Indicators - Latest topics malware.news
The UNC4841 group, linked to China, is targeting Barracuda Email Security Gateway (ESG) appliances again, exploiting a new zero-day vulnerability identified as CVE-2023-7102.
Investigations revealed that attackers, using specially crafted Excel files attached to emails, targeted a limited number of Barracuda ESG devices to deploy new variants of SeaSpy and SaltWater malware.
It is important to note that there is a publicly available Proof-of-Concept (PoC) exploit for this vulnerability, raising concerns about potential widespread impact.
Background of UNC4841 Attacks …
apache apache ofbiz attackers authentication authentication bypass barracuda barracuda esg bypass china cve deploy devices email emails email security email security gateway esg excel exploiting files gateway investigations latest security security gateway targeting unc4841 vulnerabilities vulnerability zero-day zero-day vulnerabilities zero-day vulnerability