
All news with #barracuda tag

Wed, December 10, 2025

SOAPwn: WSDL/SOAP Flaw Enables File Writes in .NET

🛡️WatchTowr Labs has disclosed SOAPwn, an "invalid cast" vulnerability in the .NET Framework that lets attackers abuse WSDL imports and dynamically generated SOAP client proxies to write files and achieve remote code execution. The issue impacts products including Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. Barracuda addressed the flaw in Service Center RMM 2025.1.1 (CVE-2025-34392, CVSS 9.8) and Ivanti issued fixes in EPM 2024 SU4 SR1 (CVE-2025-13659, CVSS 8.8). Researchers presented the findings at Black Hat Europe after disclosures in March 2024 and July 2025.


Thu, December 4, 2025

GhostFrame Phishing Framework Surpasses One Million Attacks

🔍 A newly discovered phishing framework named GhostFrame has been linked to more than one million attacks, according to Barracuda. The kit uses a benign-looking outer HTML page that conceals a malicious iframe, enabling attackers to swap content, target regions and evade scanners without changing the visible landing page. GhostFrame employs a two-stage chain: the loader creates randomized subdomains and validates them before loading an internal credential-stealing page, and includes anti-analysis controls that block inspection shortcuts and restrict user actions. Barracuda recommends a multilayered defense—regular browser updates, staff training, email gateways and web filters, restricting iframe embedding, and monitoring for injected or redirected content.
