Cybersecurity Alert - FINRA Notifies Member Firms of FBI Flash (AC-000172-TT)

Impact: All Firms that use a Barracuda Email Security Gateway (ESG) Appliance

Firms should review this information with any vendors who provide email services.

FINRA is highlighting a recent Federal Bureau of Investigation (FBI) Flash published on August 23, 2023. According to the FBI Flash, all exploited Barracuda Email Security Gateway (ESG) appliances, even those with up-to-date security patches, remain at risk for continued computer network compromise from threat actors exploiting a zero-day vulnerability documented in CVE-2023-2868.

By emailing malicious file attachments to victim organizations, threat actors purportedly use this vulnerability to insert payloads onto ESG appliances with a variety of capabilities, such as enabling persistent access to the email server, scanning of all emails on the server, login credential harvesting, and data exfiltration. The Cybersecurity and Infrastructure Security Agency (CISA) additionally issued an alert, which is regularly updated. 

As a result of the increased threat of exploitation of this vulnerability potentially impacting FINRA member firms, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program suggests firms evaluate the potential impact of this vulnerability to determine whether their systems, including those provided by vendors, are at risk. 

Additional detailed information regarding the vulnerability can be found on Barracuda’s or Mandiant’s website.

Questions related to this Alert or other cybersecurity-related topics can be emailed to the CAU.