I missed this one, so picking it up now. Barracuda Networks sent an urgent notice last week telling customers to immediately decommission and replace all instances of their Email Security Gateway (ESG) appliance regardless of patch version level. If you still need to replace your appliance after receiving a notice in your UI, contact support now ([email protected]). Barracuda’s remediation recommendation at this time is a full replacement of the impacted ESG,” the company said. The notice indicates contacting support “to obtain a new ESG virtual or hardware appliance.”
Barracuda said the footprint of the incident appears to be limited. As of Thursday, “approximately 5% of active ESG appliances worldwide have shown any evidence of known indicators of compromise due to the vulnerability,” according to a statement from a company representative.
Why do we care?
Key to this for me was the opportunity to get a new device from Barracuda. It’s not clear if this is paid or free. I’ll give them the benefit of the doubt and assume free (although check if you’re impacted!).
One of the key thrusts of the Biden administration’s efforts around cyber is shifting some responsibility onto the manufacturers for safely patching their devices. While I won’t state that this is directly a result, I will observe the outcome.

