CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances.
Download the newly released IOCs associated with this activity:
“This system allowed me to identify missing components when the model validation engine ran. These were components which had infrequent changes and therefore were not commonly documented. The ASSURANT™ model told us that there were some elements missing. When we compared our sources against the model result, we discovered existing legacy components which had previously lacked documentation. The addition of these components to the model has given us confidence in the model’s completeness and improved our cyber readiness.”
Cyber Model Engineer
“Without the ASSURANT™ attack path analysis visual capability, it’s difficult to explain the complexities of a cyber battlespace to non-experts, and us good guys in the fight are often only learning from our mistakes in the wake of a cyber-attack. The different ways to visualize attack paths allow time to get ahead of the tactics and techniques of cyber actors by allowing us to simulate ‘black hat’ scenarios for when a network artifact becomes compromised.”
This material is based upon work supported by the United States Air Force under Contract No. FA8650-23-D-1061. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force.