#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Barracuda networks | Breaking Cybersecurity News | The Hacker News

Category — Barracuda networks
Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents

Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents

Aug 31, 2023 Cyber Attack / Hacking
A hacking outfit nicknamed  Earth Estries  has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison  said . Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as  FamousSparrow , which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange Server to penetrate hospitality, government, engineering, and legal sectors. It's worth pointing out that commonalities have also been unearthed between FamousSparrow and  UNC4841 , an uncategorized activity cluster held respo...
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

Aug 29, 2023 Network Security / Zero Day
A suspected Chinese-nexus hacking group exploited a  recently disclosed zero-day flaw  in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name  UNC4841 , described the threat actor as "highly responsive to defensive efforts" and capable of actively tweaking their modus operandi to maintain persistent access to targets. "UNC4841 deployed new and novel malware designed to maintain presence at a small subset of high priority targets that it compromised either before the patch was released, or shortly following Barracuda's remediation guidance," the Google-owned threat intelligence firm  said  in a new technical report published today. Almost a third of the identified affected organizations are government agencies. Interestingly enough, some of the earliest compromises...
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

Mar 11, 2025Breach Simulation / Penetration Testing
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...
Server Misconfiguration discloses passwords of all Barracuda Network Employees

Server Misconfiguration discloses passwords of all Barracuda Network Employees

Jul 25, 2013
Security expert Ebrahim Hegazy has found a Password disclosure vulnerability in Barracuda update servers which allows to gain access to employee credentials. The Egyptian information security advisor Ebrahim Hegazy( @Zigoo0 ) has found a Password disclosure vulnerability in one of Barracuda update servers which allows the attackers to gain access to all its employee data. When the system administrator needs to protect a directory with a second authentication layer (basic authentication ) besides the back-end authentication, he can do it with multiple methods, one of that methods is through the configuration of .htaccess and .htpasswd files. A proper configuration could prevent a visitor to surf reserved area (e.g /Cpanel or /admin), in this scenario a popup proposes to the user asking to enter authentication credentials, that credentials are saved inside .htpasswd file as: Username:Password In normal scenarios the .htpasswd file should be stored outside the we...
cyber security

The State of GRC 2025: From Cost Center to Strategic Business Driver

websiteDrataGovernance / Compliance
Drata's new report takes a look at how GRC professionals are approaching data protection regulations, AI, and the ability to maintain customer trust.
Barracuda Networks Launches Bug Bounty Program for Security Products

Barracuda Networks Launches Bug Bounty Program for Security Products

Nov 14, 2010
Barracuda Networks announced on Tuesday that it will pay over $3,100 to anyone who can hack into its security products. This bug bounty program is the first of its kind from a pure-play security vendor. "This initiative reflects our commitment to our customers and the security community at large," said Paul Judge, Chief Research Officer at Barracuda. The security firm has included its Spam & Virus Firewall, Web Filter, Web Application Firewall, and NG Firewall in the bug bounty program. Patch or Public Disclosure Last week, Google launched a bug bounty program to pay for vulnerabilities, joining many other vendors willing to pay security researchers for information about vulnerabilities. These efforts aim to fix flaws as soon as possible to prevent exploitation as zero-day attacks. Barracuda's bug bounty program will pay up to $3,133.70 for "particularly severe bugs," a nod to the slang "leet" number 31337, meaning "elite" in the security commu...
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources