Barracuda's Failed Patch Leaves Email Security Appliances Vulnerable Amidst Dark Web Exploit Surge
Barracuda's failed patch for CVE-2023-2868 has left its email security gateway appliances vulnerable, with exploits still ongoing. Meanwhile, Flashpoint's recent research reveals a surge in vulnerability exploits traded on the dark web, impacting major enterprises like Microsoft 365 and VMware.
Flashpoint observed 27 vulnerability exploits listed for sale or purchased on the dark web in H1 2023. Notably, one-third of these exploits targeted Microsoft 365 products. Three reported purchases during Q1-Q2 included actively exploited CVEs, with CVE-2023-2868 in Barracuda's appliances bought for $15,000. CVE-2023-24489 impacting Citrix ShareFile was sold for $25,000, while exploits for CVE-2022-32548 affecting DrayTek routers were sold multiple times.
Companies affected in the first half of the year include Microsoft 365, VMware, and organizations using DrayTek networking equipment worldwide. IBM's annual report found that more than 5% of breaches were due to exploits of known, unpatched vulnerabilities. Other products targeted include those from Adobe, Fortinet, Oracle, Veeam, and VMware.
The increasing trade of vulnerability exploits on the dark web underscores the importance of timely patching and robust cybersecurity measures. With major enterprises like Microsoft 365 at risk, companies must prioritize addressing known vulnerabilities to mitigate potential breaches.
Read also:
- Trump announces Chinese leader's confirmation of TikTok agreement
- U.S. Army Europe & Africa Bolsters NATO, African Partnerships in Phase Zero
- SpaceX & T-Mobile Activate Starlink for Hurricane Helene Connectivity
- Hackers Utilize GOLD SALEM to Infiltrate Networks and Evade Security Measures, Deploying Warlock Ransomware