FINRA publishes alert on critical software vulnerability
Recently, FINRA issued a cybersecurity alert bulletin to all member firms regarding a critical vulnerability within a software company’s transfer software, specifically affecting its Secure File Transfer Protocol module. The vulnerability could allow authentication bypass, FINRA warned. The software developer has released a security bulletin advising firms to upgrade to the latest version of the software to address this issue.
Additionally, a new risk has been identified in a third-party component within the company’s transfer software, which, if not resolved, increases the likelihood of authentication bypass. Firms are instructed to take precautionary measures, including blocking public inbound Remote Desktop Protocol access to the servers running the software and limiting outbound access to trusted endpoints only. The third party will release a fix, which the software company will make available. The alert follows a similar incident in June 2023 for which FINRA also issued an advisory to member firms.
FINRA also reminds firms to reference Regulatory Notice 22-29 from December 2022, which provides guidance on ransomware risks and offers considerations for evaluating cybersecurity programs in response to ongoing threats.