Exploit: Credential Compromise
Hewlett Packer Enterprise: Business Technology Services
Risk to Business: 1.615= Severe
Hewlett Packer Enterprise (HPE) just informed customers that use its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-FI networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.
Source: Computer Weekly