AMD fixes dozens of Windows 10 graphics driver security bugs
Void Balaur hackers-for-hire sell stolen mailboxes and private data
Russian ‘King of Fraud’ sentenced to 10 years for Methbot scheme
Windows 10 App Installer abused in BazarLoader malware attacks
The Week in Ransomware – November 12th 2021 – Targeting REvil
Microsoft Intune bug forces Samsung devices into non-compliant state
QBot returns for a new wave of infections using Squirrelwaffle
FTC shares ransomware defense tips for small US businesses
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
Aruba Central
HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.
Aruba Central is a cloud networking solution that allows administrators to manage large networks and components from a single dashboard.
HPE disclosed today that a threat actor obtained an “access key” that allowed them to view customer data stored in the Aruba Central environment. The threat actor had access for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key.
The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central’s ‘Contract Tracing‘ feature.
“One dataset (“network analytics”) contained network telemetry data for most Aruba Central customers about Wi-Fi client devices connected to customer Wi-Fi networks. A second dataset (“contact tracing”) contained location-oriented data about Wi-Fi client devices including which devices were in proximity to other Wi-Fi client devices,” explains an Aruba Central FAQ about the security incident.
The network analytics dataset exposed in these repositories included MAC addresses, IP addresses, operating systems, hostname, and for authenticated Wi-Fi networks, a person’s username.
The contract tracing dataset also included the date, time, and Wi-Fi access points users were connected to, potentially allowing the threat actor to track the general vicinity of users’ location.
“The data repositories also contained records of date, time, and the physical Wi-Fi access point where a device was connected, which could allow the general vicinity of a user’s location to be determined. The environment did not include any sensitive or special categories of personal data (as defined by GDPR),” reads the FAQ.
As HPE’s FAQ mentioned the word ‘buckets’ multiple times, a threat actor likely obtained the access key for a storage bucket used by the platform.
After performing an investigation into the breach, HPE concluded that:
HPE states that they are changing how they protect and store access keys to prevent future incidents.
When we contacted HPE to learn more about how the access key was stolen, we were sent the following statement.
“We are aware of how the threat actors gained access and have taken steps to prevent it in the future. The access tokens were not tied to our internal systems. Our internal systems were not breached in this incident.” – HPE.
Update 11/10/21 07:00 PM EST: Added statement from HPE.
Thx to John for the tip!
Costco discloses data breach after finding credit card skimmer
Telnyx is the latest VoIP provider hit with DDoS attacks
MediaMarkt hit by Hive ransomware, initial $240 million ransom
US defense contractor Electronic Warfare hit by data breach
Robinhood discloses data breach impacting 7 million customers
Not a member yet? Register Now
Microsoft: New security updates trigger Windows Server auth issues
Costco discloses data breach after finding credit card skimmer
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

You May Also Like

U.S. offers $10 million reward for leaders of REvil ransomware

State hackers breach defense, energy, healthcare orgs worldwideMediaMarkt hit by Hive ransomware,…

Microsoft starts rolling out a new Windows 11 media player

Windows 10 21H2 is released, here are the new featuresNew Rowhammer technique…

New Windows 11 Voice Access lets you control the OS with your voice

Emotet now drops Cobalt Strike, fast forwards ransomware attacksSonicWall ‘strongly urges’ customers…

Mozilla Thunderbird 91.3 released to fix high impact flaws

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…