fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

HPE Says Hackers Breached Aruba Central Using Stolen Access Key

HPE Says Hackers Breached Aruba Central Using Stolen Access Key

HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.

Aruba Central is a cloud networking solution that allows administrators to manage large networks and components from a single dashboard.

HPE disclosed today that a threat actor obtained an “access key” that allowed them to view customer data stored in the Aruba Central environment. The threat actor had access for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key.

Also Read: 4 Reasons Why You Need an Actively Scanning Antivirus Software

The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central’s ‘Contract Tracing‘ feature.

“One dataset (“network analytics”) contained network telemetry data for most Aruba Central customers about Wi-Fi client devices connected to customer Wi-Fi networks. A second dataset (“contact tracing”) contained location-oriented data about Wi-Fi client devices including which devices were in proximity to other Wi-Fi client devices,” explains an Aruba Central FAQ about the security incident.

The network analytics dataset exposed in these repositories included MAC addresses, IP addresses, operating systems, hostname, and for authenticated Wi-Fi networks, a person’s username.

The contract tracing dataset also included the date, time, and Wi-Fi access points users were connected to, potentially allowing the threat actor to track the general vicinity of users’ location.

“The data repositories also contained records of date, time, and the physical Wi-Fi access point where a device was connected, which could allow the general vicinity of a user’s location to be determined. The environment did not include any sensitive or special categories of personal data (as defined by GDPR),” reads the FAQ.

As HPE’s FAQ mentioned the word ‘buckets’ multiple times, a threat actor likely obtained the access key for a storage bucket used by the platform.

After performing an investigation into the breach, HPE concluded that:

  • No more than 30 days of data was stored within the environment at any time, as data in the network analytics and contact tracing features of the Aruba Central environment is automatically deleted every 30 days.
  • The environment included personal data, but no sensitive personal data.  The personal data includes MAC addresses, IP addresses, device operating system type and hostname, and some usernames. The contact tracing data also included users’ Access Point (AP) name, proximity, and duration of time connected to that AP.
  • The likelihood that your personal data was accessed is extremely low, based on extensive analysis of access and traffic patterns.
  • Security-sensitive information was not compromised, and so we do not believe there is any need to change passwords, change keys, or alter your network configuration.

HPE states that they are changing how they protect and store access keys to prevent future incidents.

Also Read: 5 Types of Ransomware, Distinguished

When we contacted HPE to learn more about how the access key was stolen, we were sent the following statement.

“We are aware of how the threat actors gained access and have taken steps to prevent it in the future. The access tokens were not tied to our internal systems. Our internal systems were not breached in this incident.” – HPE.

Update 11/10/21 07:00 PM EST: Added statement from HPE.

Thx to John for the tip!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us