Barracuda

Image: Bing Image Creator

Email and network security firm Barracuda is working to fix an ongoing issue that triggers invalid login errors and prevents Email Gateway Defense users from signing into their accounts.

The root cause of the sign-in problems showing "The link to login is invalid" errors has already been identified, and the company says this known issue will be addressed until next Friday according to the current projected timeline.

"We are investigating login problems seen by users and have identified the problem. We are working on fixing the issue with a tentative timeline for the fix to be released on or before July 14th," Barracuda says.

"We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause."

The company is yet to reveal details on what is causing these login issues and how widespread they are.

A Barracuda spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

ESG zero-day exploited for data theft

This incident follows a series of data-theft attacks in which a suspected pro-China hacker group tracked by Mandiant as UNC4841 compromised Barracuda ESG (Email Security Gateway) appliances using a now-patched zero-day bug (CVE-2023-2868).

On May 19th, Barracuda revealed that the vulnerability was under active exploitation. As a precautionary measure, CISA also issued an alert for U.S. Federal agencies, ordering them to secure their networks against the attacks.

CVE-2023-2868 has been exploited since at least October 2022 to drop previously unknown malware and steal data from hacked appliances.

In a rather unconventional move earlier last month, Barracuda provided impacted customers with replacement devices at no cost, rather than merely re-image the existing devices with new firmware after warning that all hacked ESG appliances must be replaced immediately.

Barracuda claims its products and services are used by over 200,000 organizations worldwide, including high-profile ones such as Samsung, Delta Airlines, Mitsubishi, and Kraft Heinz.

Related Articles:

Monday.com removes "Share Update" feature abused for phishing attacks

AT&T delays Microsoft 365 email delivery due to spam wave

Microsoft will limit Exchange Online bulk emails to fight spam

Generative AI Security: Preventing Microsoft Copilot Data Exposure

Microsoft fixes bug behind incorrect BitLocker encryption errors