Security researchers have warned that hackers have taken advantage of a critical vulnerability in an IBM file-sharing application. All for the sake of installing ransomware on company servers.
The IBM Aspera Faspex application is being usedlarge organizations to transfer large files or volumes of files at high speeds with fine control. It runs on an IBM proprietary protocol.
IBM has discovered a critical vulnerability in versions 4.4.2 Patch Level 1 and earlier and encouraged users to update the system to fix the flaw. The vulnerability, tracked as CVE-2022-47986, allows hackers to remotely execute malicious code by sending specially crafted calls to a legacy programming interface.
The researchers assessed the severity of the vulnerability in9.8 out of 10 for potential ease of use and damage. The vulnerability is used to install ransomware, and among the types of malware used is the Linux version of IceFire, which encrypts files. It is also speculated that attackers could use Aspera Faspex to steal sensitive data before encrypting servers.