ACT government falls victim to Barracuda’s ESG vulnerability

The Australian Capital Territory government is one of the victims of a vulnerability found in Barracuda’s email security gateway (ESG). In a press conference on 8 June, ACT government chief digital officer Bettina Konti said there is a likelihood that some personal information is involved but the harms assessment needs to completed for that to be clear.

Barracuda had first identified the CVE-2023-2838 vulnerability on 19 May issuing a patch worldwide on 20 May followed by a second patch on 21 May. A few days later, on 30 May, the vendor revealed the earliest identified evidence of exploitation took place in October 2022.

To read this article in full, please click here