Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
Leaked data breach

Regulation and Compliance > Cybersecurity

FINRA Issues Cybersecurity Alert Tied to FBI Warning

By Dinah Wisenberg Brin

X
Your article was successfully shared with the contacts you provided.

The Financial Industry Regulatory Authority (FINRA) has alerted member firms to a recent FBI flash warning that all exploited Barracuda Email Security Gateway appliances remain vulnerable to attacks from threat actors.

Even appliances with up-to-date security patches remain at risk for computer network compromise from hackers exploiting a previously reported vulnerability, FINRA’s cybersecurity notice said.

By emailing malicious file attachments to victim organizations, cyber criminals purportedly use this vulnerability to insert payloads onto the Barracuda Email Security Gateway appliances with a variety of capabilities, such as enabling persistent access to the email server, scanning of all emails on the server, login credential harvesting and data exfiltration, FINRA said.

Because the increased threat of exploitation of this vulnerability could hit member firms, the cyber and analytics unit within FINRA’s member supervision program suggests firms evaluate the potential effects of this vulnerability to determine whether their systems, including those provided by vendors, are at risk, the authority advised.

The affected Barracuda appliance is an email security gateway that manages and filters inbound and outbound email traffic to protect organizations from email-borne threats and data leaks, according to the company’s website. The firm offers it as a “virtual appliance.”

The Cybersecurity and Infrastructure Security Agency (CISA) regularly updates its alert on the situation, FINRA noted.

Firms can find further information on Barracuda’s or Mandiant’s websites.

Image: Adobe Stock

Dinah Wisenberg Brin

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.