
©2025 Poal.co


[–] 3 pts (edited)

Barracudas are trash. The reason why it went undetected for so long was likely because most email admins turn off a lot of malware scanning features so email will just work.

[–] 1 pt

I know. The things flag just about damn near everything as bad.

I communicate with an organization that has one. I use a domain with one of the newer TLDs, and the stupid thing flags it as spam every time and I know the security records on my email are set up properly. It's a pain in the ass.

[–] 1 pt

The pivot from patch to total replacement of affected devices is fairly stunning and implies the malware the threat actors deployed somehow achieves persistence at a low enough level that even wiping the device wouldn’t eradicate attacker access,

Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI), said it is likely that the malware was able to corrupt the underlying firmware that powers the ESG devices in some irreparable way.

My guess is that the device’s remote update mechanism allows installation of firmware updates and the attackers somehow commandeered that.

[–] 3 pts

Barracuda boxes are kind of black boxes to the end user, there are management structures and pathways that you, as an end user, can't access.

They're awesome when they work right, but they always seem to be one oopsie away from calling support and having them tunnel into it to clear a relatively benign error that the end user should have been able to click "Ok" on.

[–] 1 pt

This is as bad as it gets for a "security appliance company".

Maybe a hardware backdoor commanded by the Clowns In Am3rica, that got discovered by the wrong person.

If that's the case, we can expect many more cases just like this in the future.