Ransomware Crooks Are Exploiting IBM File-Exchange Bug With a 9.8 Severity (arstechnica.com)
Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned. From a report: The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high speeds. Rather than relying on TCP-based technologies such as FTP to move files, Aspera uses IBM's proprietary FASP -- short for Fast, Adaptive, and Secure Protocol -- to better utilize available network bandwidth. The product also provides fine-grained management that makes it easy for users to send files to a list of recipients in distribution lists or shared inboxes or workgroups, giving transfers a workflow that's similar to email.
In late January, IBM warned of a critical vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier and urged users to install an update to patch the flaw. Tracked as CVE-2022-47986, the vulnerability makes it possible for unauthenticated threat actors to remotely execute malicious code by sending specially crafted calls to an outdated programming interface. The ease of exploiting the vulnerability and the damage that could result earned CVE-2022-47986 a severity rating of 9.8 out of a possible 10. On Tuesday, researchers from security firm Rapid7 said they recently responded to an incident in which a customer was breached using the vulnerability.
IBM... (Score:2)
Re: (Score:2)
So.... (Score:5, Funny)
Aspera uses IBM's proprietary FASP -- short for Fast, Adaptive, and Secure Protocol -- to better utilize available network bandwidth.
I suppose now it's just the Fast Adaptive Protocol. That's an unfortunate acronym.
Re: (Score:2)
Re: (Score:2)
Gah!
I visited this page just to post that, only to find out my EPYC (ahem) line was stolen...
Re: (Score:2)
How about FAIP, or Fast, Adaptive, and Insecure Protocol. We could have a lot of fun with this, since it's partially secure, Half FAS Protocol?
Is this an (Score:3)
Re: (Score:3)
By announcing crippling security flaws? Sure, why not.
Re: (Score:3)
Re: (Score:2)
Back to UDP? (Score:3)
I'm sort of curious what is so special about FASP? Does it use UDP like old-school active FTP that created a TCP session, then a data channel over UDP was done? Or does it do a "tunnel", set up keys on each side, and then does UDP over that, with some key management to set up encryption/authentication over a sliding window?
It would have to be UDP when over the Internet, as any other protocols likely would be dropped.
I'm sure it works, because even HTTP supports UDP, but wonder if it works well enough to pay the big bucks for these devices.
Re: (Score:1)
Re:Back to UDP? (Score:4, Informative)
FTP does NOT use UDP. Originally FTP was built to run over NCP, which was simplex, so it needed 2 channels: one to send and one to receive. When FTP was updated to use TCP it retained the use of 2 channels, one for control and one for data.
For an explanation of the difference between active FTP and passive FTP see https://www.cosmos.esa.int/doc... [esa.int]
Re: (Score:2)
Re: (Score:2)
So update already (Score:1)
Re: (Score:2)
Don't cook your own protocols (Score:2)
No, not even when you are IBM, at least not today.