The Financial Industry Regulatory Authority (FINRA) has alerted member firms to a recent FBI flash warning that all exploited Barracuda Email Security Gateway appliances remain vulnerable to attacks from threat actors.
Even appliances with up-to-date security patches remain at risk for computer network compromise from hackers exploiting a previously reported vulnerability, FINRA's cybersecurity notice said.
By emailing malicious file attachments to victim organizations, cyber criminals purportedly use this vulnerability to insert payloads onto the Barracuda Email Security Gateway appliances. These payloads have a variety of capabilities, such as enabling persistent access to the email server, scanning of all emails on the server, login credential harvesting and data exfiltration, FINRA said.
Because the increased threat of exploitation of this vulnerability could hit member firms, the cyber and analytics unit within FINRA's member supervision program suggests that firms evaluate the potential effects of this vulnerability to determine whether their systems, including those provided by vendors, are at risk.