IBM Aspera Faspex is used by large organizations to transfer large files or file volumes at high speeds with precise control. It runs on an IBM proprietary protocol.
IBM discovered a critical vulnerability in 4.4.2 Patch Level 1 and earlier and encouraged users to update the system to fix the flaw. The vulnerability, tracked as CVE-2022-47986, allows hackers to remotely execute malicious code by sending specially crafted calls to a legacy programming interface.
The researchers rated the severity of the vulnerability as 9.8 out of 10, given the potential for exploitation and ease of damage. The vulnerability is used to install ransomware, and among the types of malware used is the Linux version of IceFire, which encrypts files. It is also speculated that attackers could use Aspera Faspex to steal sensitive data before encrypting the servers.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
