CybersecurityHQ News Roundup - November 8, 2024

News | By Daniel Michan | Published on November 8, 2024

Critical Aruba Networking Vulnerabilities: A Wake-Up Call for IoT Security

This week, HPE released patches for six vulnerabilities in its Aruba Networking access points, two of which are critical. Tracked as CVE-2024-42509 (CVSS 9.8) and CVE-2024-47460 (CVSS 9.0), these command injection bugs could allow unauthenticated remote attackers to execute arbitrary code with privileged access. The flaws impact multiple versions of Aruba’s AOS-8 and AOS-10 software, including end-of-life releases.

Mitigation strategies include enabling cluster security for AOS-8 devices or blocking access to port UDP/8211 for AOS-10. HPE credited these discoveries to its bug bounty program and confirmed the availability of patches in the latest software updates.

With IoT devices increasingly integrated into critical infrastructure, these vulnerabilities underline the need for robust security frameworks. Organizations relying on Aruba Networking solutions should act swiftly to implement patches and network segmentation to reduce exposure.
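For teams that cannot patch immediately and choose the port-blocking mitigation, it helps to confirm from flow or firewall logs that nothing outside the management network is actually reaching UDP/8211 on the access points. The script below is an added example, not code from HPE or from the article: it parses a constructed, hypothetical flow-log format (timestamp, protocol, source, destination, action) and reports UDP/8211 flows to the access-point subnets that originate outside the allowed management ranges. The log lines, subnets and field layout are all assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample flow-log lines (not taken from the article). The format
# "ts proto src:sport -> dst:dport action" is a hypothetical syslog export.
SAMPLE_FLOWS = """\
2024-11-08T10:01:02Z udp 203.0.113.7:51234 -> 10.20.0.15:8211 allow
2024-11-08T10:01:05Z udp 10.0.0.5:40000 -> 10.20.0.15:8211 allow
2024-11-08T10:01:09Z tcp 203.0.113.9:44321 -> 10.20.0.15:443 allow
2024-11-08T10:01:12Z udp 198.51.100.4:9999 -> 10.20.0.16:8211 deny
2024-11-08T10:01:15Z udp 192.0.2.10:60000 -> 10.20.0.17:8211 allow
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\w+)$"
)


def parse_flow(line):
    """Parse one flow-log line into a dict, or return None if it does not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["sport"] = int(flow["sport"])
    flow["dport"] = int(flow["dport"])
    return flow


def find_exposed_8211(log_text, ap_subnets, mgmt_subnets, port=8211):
    """Return UDP flows to `port` on the AP subnets whose source is outside mgmt_subnets.

    Each finding keeps the firewall action: "allow" means the traffic actually
    reached the AP (the block is not in place); "deny" means the block held but
    something still tried.
    """
    aps = [ipaddress.ip_network(n) for n in ap_subnets]
    mgmt = [ipaddress.ip_network(n) for n in mgmt_subnets]
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"].lower() != "udp" or flow["dport"] != port:
            continue
        src = ipaddress.ip_address(flow["src"])
        dst = ipaddress.ip_address(flow["dst"])
        if not any(dst in net for net in aps):
            continue  # not an access point
        if any(src in net for net in mgmt):
            continue  # expected management traffic
        findings.append(
            {"ts": flow["ts"], "src": flow["src"], "dst": flow["dst"], "action": flow["action"]}
        )
    return findings


def allowed_sources(findings):
    """Sources whose UDP/8211 traffic was allowed through, i.e. the real exposure."""
    return [f["src"] for f in findings if f["action"] == "allow"]


if __name__ == "__main__":
    # Assumed subnets for the example: APs live in 10.20.0.0/24, management in 10.0.0.0/24.
    hits = find_exposed_8211(SAMPLE_FLOWS, ["10.20.0.0/24"], ["10.0.0.0/24"])
    for h in hits:
        print(f"{h['ts']} {h['src']} -> {h['dst']} udp/8211 {h['action']}")
    print("still reachable from:", allowed_sources(hits))
```

Flows with action "allow" from a non-management source mean the mitigation is not yet effective on that path and should be treated as a gap to close before relying on it; "deny" entries are useful for tracking who is probing the port while the patch rollout is pending.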

Palo Alto Networks Exploitation: CVE-2024-5910 Under Attack

A critical flaw in Palo Alto Networks’ Expedition tool is now being actively exploited, according to CISA. CVE-2024-5910, a missing authentication vulnerability, allows attackers to seize admin accounts and compromise sensitive configurations. Despite the flaw being patched in July, its exploitation highlights the urgency of timely patch management.

Cybersecurity firm Horizon3.ai recently released detailed technical insights on this and related Expedition vulnerabilities. While fewer than two dozen instances of Expedition are internet-facing, attackers are leveraging the tool’s unique role in configuration migrations for highly targeted operations.

Federal agencies are mandated to address the flaw by the end of November, a reminder that even niche tools can be exploited with devastating effects.

North Korean APT Targets macOS with Novel Malware Campaign

North Korea’s BlueNoroff group is targeting macOS users with a sophisticated campaign dubbed Hidden Risk, researchers from SentinelOne report. The operation leverages phishing emails and fake cryptocurrency-themed PDFs to deliver malware that bypasses Apple’s latest security features.

The malware, signed with a now-revoked Apple Developer ID, employs advanced persistence techniques and communicates with a command-and-control (C2) server. Victims are primarily cryptocurrency firms and DeFi organizations, a continuation of BlueNoroff's financial cybercrime focus.

This campaign highlights the growing threats against macOS systems, urging organizations to implement stringent email security and threat detection measures.

Cybersecurity Spending to Hit $212 Billion by 2025 Amid Rising Breaches

Global information security spending is forecast to exceed $212 billion by 2025, according to Gartner. Despite this 15.1% growth, breaches tied to human error persist, as emphasized in Verizon’s latest DBIR, which attributes 68% of data breaches to the human element.

The MGM Resorts ransomware incident is a stark reminder of how social engineering can bypass even the most advanced defenses. Organizations must allocate budgets strategically to include comprehensive security awareness training, Zero Trust models, and multi-factor authentication.

Resilience, not just defense, is key. Businesses should invest in proactive measures to counter the evolving threat landscape.

New Player in AI-Powered Cyber Defense: Embed Security Secures $6 Million

Embed Security, a startup leveraging AI to automate security operations, has raised $6 million in funding led by Paladin Capital Group. The company’s agentic security platform aims to assist overburdened analysts by automating threat detection and investigation.

Early adopters from sectors like automotive and insurance are already piloting Embed’s platform. With a focus on scalability and adaptability, Embed Security exemplifies the rising role of AI in modern cybersecurity.

Crimeware Alert: SteelFox Bundles Malware with Popular Software

Researchers have uncovered a crimeware campaign named SteelFox, targeting users via fake installers for software like Foxit PDF Editor and AutoCAD. Active since early 2023, the malware bundle includes a cryptocurrency miner and an infostealer capable of exfiltrating sensitive data.

SteelFox infections are distributed through torrents and forums, emphasizing the risks of unverified software sources. The campaign has already affected victims across multiple countries, including Algeria, Brazil, and Vietnam.

To combat such threats, organizations and individuals should rely on official software repositories and employ robust endpoint protection solutions.

Cisco Patches Critical Wireless and SQL Injection Vulnerabilities

Cisco has patched a critical command injection vulnerability (CVE-2024-20418, CVSS 10.0) in its Unified Industrial Wireless software. The flaw allows unauthenticated remote attackers to execute commands with root privileges on affected devices. The company also fixed a high-severity SQL injection vulnerability in its Nexus Dashboard Fabric Controller (NDFC).

With industrial systems increasingly targeted, these patches are vital for organizations in manufacturing, logistics, and critical infrastructure. Cisco encourages users to update affected devices promptly to safeguard against potential exploitation.

Microlise Cyberattack Disables Vehicle Tracking and Security Systems

UK-based fleet tracking provider Microlise suffered a cyberattack that temporarily disrupted critical tracking and alarm systems used by prison vans and couriers. While no customer data was compromised, employee data may have been affected.

The incident raises questions about the resilience of systems supporting public safety operations. Affected clients, including Serco and DHL, implemented contingency measures, such as manual communication protocols and paper maps, to maintain services.

Microlise’s swift response underscores the importance of incident response plans for mitigating operational disruptions caused by cyber incidents.

ToxicPanda: Chinese Banking Malware Expands to Europe

Cleafy researchers have identified ToxicPanda, a Chinese-linked Android banking trojan targeting European users. The malware uses remote access trojan (RAT) capabilities to bypass multi-factor authentication and steal funds directly from banking apps.

With over 1,500 devices already infected, the campaign marks a geographic shift for Chinese-speaking threat actors, previously focused on Southeast Asia. ToxicPanda’s development indicates a growing sophistication in on-device fraud techniques, presenting a significant challenge for financial institutions.

The rise of mobile malware like ToxicPanda underscores the urgent need for enhanced app security and user education to prevent account takeovers.