Barracuda fixes new ESG zero-day exploited by Chinese hackers

Chinese hacking group UNC4841 exploited a zero-day bug in Barracuda’s Email Security Gateway (ESG) appliances, leading the network and email security firm to remotely patch all active appliances and deploy further security updates for already compromised units. The weakness was found in the Spreadsheet::ParseExcel library used by the Amavis virus scanner running on Barracuda ESGs. The firm says no customer action is required and is conducting an ongoing investigation.