"Popular IBM File Transfer Tool Vulnerable to Cyberattacks, CISA Says"

According to the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the IBM Aspera Faspex file transfer tool, which many large organizations use, has a critical vulnerability that hackers are actively exploiting. CISA added the flaw, tracked as CVE-2022-47986, to its list of Known Exploited Vulnerabilities (KEV) catalog, along with two other vulnerabilities impacting the Mitel business communication platform. According to the agency, the IBM vulnerability poses significant risks to the federal enterprise. Bud Broomhead, CEO of the cybersecurity company Viakoo, highlighted that Aspera is so popular that it received an Emmy in 2014 for enabling faster media production workflows by allowing companies to exchange massive video files quickly. For many years, Aspera was the go-to solution for any organization transferring massive datasets, such as genomics and biomedical research, media production, military signals intelligence, or financial services. According to Broomhead, the vulnerability is simple to exploit and allows a remote attacker to conduct activities on a device without needing to circumvent network authentication processes. A search using the Internet scanning tool Shodan found 138 exposed Aspera Faspex instances. This article continues to discuss the IBM Aspera Faspex file transfer tool's vulnerability to cyberattacks. 

The Record reports "Popular IBM File Transfer Tool Vulnerable to Cyberattacks, CISA Says"