FINRA Issues Cybersecurity Alert Tied to FBI Warning

The Financial Industry Regulatory Authority (FINRA) has alerted member firms to a recent FBI flash warning that all exploited Barracuda Email Security Gateway appliances remain vulnerable to attacks from threat actors.

Even appliances with up-to-date security patches remain at risk for computer network compromise from hackers exploiting a previously reported vulnerability, FINRA’s cybersecurity notice said.

By emailing malicious file attachments to victim organizations, cyber criminals purportedly use this vulnerability to insert payloads onto the Barracuda Email Security Gateway appliances with a variety of capabilities, such as enabling persistent access to the email server, scanning of all emails on the server, login credential harvesting and data exfiltration, FINRA said.

Because the increased threat of exploitation of this vulnerability could hit member firms, the cyber and analytics unit within FINRA’s member supervision program suggests firms evaluate the potential effects of this vulnerability to determine whether their systems, including those provided by vendors, are at risk, the authority advised.

The affected Barracuda appliance is an email security gateway that manages and filters inbound and outbound email traffic to protect organizations from email-borne threats and data leaks, according to the company’s website. The firm offers it as a “virtual appliance.”

The Cybersecurity and Infrastructure Security Agency (CISA) regularly updates its alert on the situation, FINRA noted.

Firms can find further information on Barracuda’s or Mandiant’s websites.

Image: Adobe Stock