A China-nexus threat actor has attacked Barracuda Networks’ Email Security Gateway appliances for the second time this year. The new attack exploits a zero-day vulnerability in a third-party open-source software library. Unlike in the previous attacks, this issue was fixed remotely and required no action from customers. However, Barracuda warns of further threat activity and has started investigations, which are ongoing. For public awareness, the company has also disclosed a second software vulnerability that currently has no remediation.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.