Tag Archive for: ESG

Suspected PRC Cyber Actors Continue to Globally Exploit Barracuda ESG Zero-Day Vulnerability


As part of the FBI investigation into the exploitation of CVE-2023-2868, a zero-day vulnerability in Barracuda Networks' Email Security Gateway (ESG) appliances, the FBI has independently verified that all exploited ESG appliances, even those with patches pushed out by Barracuda, remain at risk of continued computer network compromise from suspected PRC cyber actors exploiting this vulnerability. For more details on the malware found to date in connection with this exploit, and to learn more about the Barracuda backdoors, please see CISA Releases Malware Analysis Reports on Barracuda Backdoors. The cyber actors used this vulnerability to insert malicious payloads onto ESG appliances with a variety of capabilities that enabled persistent access, email scanning, credential harvesting, and data exfiltration. The FBI strongly advises that all affected ESG appliances be isolated and replaced immediately, and that all networks be scanned immediately for connections to the provided list of indicators of compromise. https://go.fbinet.fbi/news/Pages/Bringing-Private-Sector-to-the-Fight-Against-CyberAdversaries.aspx

CVE-2023-2868 is a remote command injection vulnerability that allows unauthorized execution of system commands with administrator privileges on the ESG product. The vulnerability is present in Barracuda ESG (appliance form factor only) versions 5.1.3.001 through 9.2.0.006 and lies in the process that runs when the appliance screens email attachments. It allows cyber actors to format TAR file attachments in a particular manner and send them to an email address belonging to a domain that has an ESG appliance in front of it. When the malicious file is scanned, its formatting results in a command injection into the ESG, leading to system commands being executed with the privileges of the ESG. Because the vulnerability exists in the scanning process, an email only needs to be received by the ESG to trigger it; no user interaction is required.
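The two actions the advisory asks defenders to take, checking whether an appliance version falls in the affected range and scanning connection logs against the indicator list, are small enough to script. The following is an added example written for this page, not code from the FBI, CISA or Barracuda. The version bounds are the ones quoted above; the indicator values and the log format are constructed placeholders (RFC 5737 documentation addresses and a `.invalid` domain), because the excerpt does not reproduce the real indicator list, and should be replaced with the published indicators and whatever format your flow or proxy logs actually use.

```python
"""Triage helpers for the Barracuda ESG CVE-2023-2868 advisory (added example)."""
import re
from typing import Iterable

# Affected appliance versions as stated in the advisory: 5.1.3.001 through 9.2.0.006 inclusive.
AFFECTED_MIN = (5, 1, 3, 1)
AFFECTED_MAX = (9, 2, 0, 6)


def parse_version(v: str) -> tuple:
    """Turn an ESG version string such as '9.2.0.006' into a comparable tuple of ints."""
    parts = v.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ESG version string: {v!r}")
    return tuple(int(p) for p in parts)


def version_in_affected_range(v: str) -> bool:
    """True if the version is inside the affected range.

    Caveat from the advisory: a later version does not clear an appliance that was
    exploited while in range; the FBI advises isolation and replacement regardless.
    """
    return AFFECTED_MIN <= parse_version(v) <= AFFECTED_MAX


# PLACEHOLDER indicators (constructed for this example). Substitute the published IoC list.
PLACEHOLDER_IOC_IPS = {"192.0.2.10", "198.51.100.77"}
PLACEHOLDER_IOC_DOMAINS = {"ioc-example.invalid"}

# Constructed log format (assumption): "<timestamp> <src> -> <dst> [host=<name>]"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+)(?: host=(?P<host>\S+))?$")


def scan_connection_log(lines: Iterable[str]) -> list:
    """Return one record per log line whose destination IP or host matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        dst, host = m["dst"], m["host"]
        reasons = []
        if dst in PLACEHOLDER_IOC_IPS:
            reasons.append("dst-ip")
        if host and host.lower() in PLACEHOLDER_IOC_DOMAINS:
            reasons.append("host")
        if reasons:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": dst,
                         "host": host, "reasons": reasons})
    return hits


# Constructed sample log: one IP match, one clean line, one case-varied host match.
SAMPLE_LOG = """\
2023-08-20T01:02:03Z 10.0.0.5 -> 192.0.2.10
2023-08-20T01:02:04Z 10.0.0.5 -> 203.0.113.9 host=mail.example.com
2023-08-20T01:02:05Z 10.0.0.7 -> 203.0.113.9 host=IOC-Example.invalid
""".splitlines()

if __name__ == "__main__":
    for ver in ("5.1.3.001", "9.2.0.006", "9.2.0.007"):
        print(ver, "affected" if version_in_affected_range(ver) else "outside range")
    for hit in scan_connection_log(SAMPLE_LOG):
        print("IoC match:", hit)
```

Any appliance reported as inside the range, and any internal source address that appears in the hit list, is a candidate for the isolate-and-replace step the advisory calls for; the version check by itself is not evidence that an appliance was not exploited.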

The earliest evidence of exploitation of Barracuda ESG appliances was observed in October 2022. Initially, suspected PRC cyber actors sent emails to victims containing TAR file attachments designed to exploit the vulnerability. In the earliest emails,…


Prevalent Enhances Platform Essentials with Unlimited Third-Party Ransomware and ESG Assessments


Third-Party Risk Management Leader Helps Organizations Proactively Protect Against Prominent Threats

PHOENIX, Aug. 26, 2021 /PRNewswire/ — Prevalent, Inc., the company that takes the pain out of third-party risk management (TPRM), today announced enhancements to its Platform Essentials solution that enable organizations to be more proactive in assessing third-party risks. The enhancements let organizations achieve two goals: immediately determining whether a ransomware vulnerability affects their supply chain, and performing ESG assessments across their entire vendor population. This extended visibility into ransomware and ESG helps build a more comprehensive vendor risk profile that can drive vendor profiling and tiering exercises.

Prevalent Inc. Logo (PRNewsFoto/Prevalent Inc.)

“Third-party risk management professionals don’t have to look far to read about two of the most prominent risks facing their organizations today – ransomware and environmental, social and governance (ESG),” stated Alastair Parr, senior vice president of global products and risk for Prevalent, Inc. “Although different, each risk can result in significant business disruption or reputational damage if not properly managed. Once it became evident that these threats could affect organizations of all sizes, we quickly dedicated resources to enhance Platform Essentials, ensuring our customers could proactively protect against these risks while informing tiering decisions.”

Prevalent Platform Essentials is a SaaS solution for centralized onboarding, profiling, tiering and scoring of inherent risks across all third parties, and features these important capabilities:

  • Flexible vendor onboarding: Spreadsheet upload or API with supporting enterprise intake process

  • Inherent risk scoring: Out-of-the-box profiling and tiering assessment, including cyber and non-cyber content

  • Comprehensive profile: Includes industry and business insights, beneficial ownership, ESG scores for 12,000+ publicly listed entities, and mapping of 4th-party relationships

  • Topical assessments: Determine ransomware risk and ESG policy adherence with standardized assessment templates

  • Risk register: Centrally visualize…
