06/15/2023 08:00 AM EDT
Barracuda Networks has released an update to their advisory addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately.
CISA urges organizations to review the Barracuda advisory and for all impacted customers to follow the mitigation steps as well as hunt for the listed indicators of compromise (IOCs) to uncover any malicious activity. For more information, see Mandiant’s advisory on Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor.
Note: Customers who used enterprise privileged credentials for management of their Barracuda appliance (such as Active Directory Domain Admin or similar) should take immediate incident investigation steps to validate the use and behavior of all credentials used on the appliance. It is of utmost importance to verify that threat actors have not compromised customer enterprise networks via this entry vector.
Worker Deletes Thousands Of Files He Created After Finding Out That The Company That Fired Him For Being ‘Incompetent’ Is Still Using His Work
Most companies make new employees well aware that anything they create during work hours is no longer their intellectual property but belongs to the organization they work for. That doesn’t take the sting out of relinquishing the rights to everything you’ve spent time on when you leave employment as one fired employee learned the hard way.
In a Reddit post titled “I just deleted thousands of hours of work from my old job,” later shared on a TikTok account called “@reddit_replay,” a man described what happened when he realized his former employer was still using the work he created, despite telling him that he was not competent enough for the job. More…
Dubbed the AI Act, Europe’s draft regulations concerning the use of artificial intelligence are comprehensive and far-reaching. Here’s what you need to know.
[Bob says: Of course this act will set a world-wide precedent and standard, just as the GDPR has for privacy.]
Bruce Schneier Cryptogram
I have been reposting lots of Bruce’s articles for many years and at some level it is a little like plagiarism. This month’s issue is so chock full of security goodness that I decided simply to post the links he provided in his email.
If these links don’t work in your email client, try reading this issue of Crypto-Gram on the web.
- Micro-Star International Signing Key Stolen
- Microsoft Secure Boot Bug
- Security Risks of New .zip and .mov Domains
- Google Is Not Deleting Old YouTube Videos
- Credible Handwriting Machine
- Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws
- On the Poisoning of LLMs
- Expeditionary Cyberspace Operations
- Brute-Forcing a Fingerprint Reader
- Chinese Hacking of US Critical Infrastructure
- On the Catastrophic Risk of AI
- Open-Source LLMs
- The Software-Defined Car
- Snowden Ten Years Later
- How Attorneys Are Harming Cybersecurity Incident Response
- Paragon Solutions Spyware: Graphite
- Operation Triangulation: Zero-Click iPhone Malware
- AI-Generated Steganography
- Identifying the Idaho Killer
- On the Need for an AI Public Option