Featured Story
HPE Warns of Critical RCE Flaws in Aruba Networking Access Points
HPE has released updates for Aruba Networking Access Points addressing two critical remote code execution vulnerabilities (CVE-2024-42509 and CVE-2024-47460). These affect the CLI service via the PAPI protocol on UDP port 8211, enabling unauthenticated attackers to execute arbitrary commands.
The update also addresses four other vulnerabilities:
- CVE-2024-47461, CVE-2024-47462, CVE-2024-47463 – Authenticated RCE and file creation
- CVE-2024-47464 – Path traversal vulnerability
HPE urges immediate upgrades on affected AOS-10.4.x.x, 8.12.x.x, and 8.10.x.x versions.
While no exploitation has been reported, this is a high-severity issue due to the simplicity of the attack vector. If patching isn’t possible, we recommend blocking UDP port 8211 and limiting management access via VLAN restrictions. Monitoring for suspicious CLI behavior is also critical.
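To support the port-blocking and monitoring advice above, the following added example (not HPE's or the newsletter's own code) flags UDP/8211 flows that originate outside the management network. The log format, the management subnet and all addresses are constructed assumptions; adapt the parser to your firewall's or flow collector's export.

```python
import csv
import io
import ipaddress
from collections import Counter

PAPI_PORT = 8211  # UDP port named in the advisory summary above

# Assumption: management VLAN subnet(s) permitted to reach the APs on PAPI.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample flow records: time, proto, src, dst, dport, action
SAMPLE_FLOWS = """\
2024-11-08T09:00:01Z,udp,10.20.0.15,10.30.1.10,8211,allow
2024-11-08T09:00:04Z,udp,10.40.7.22,10.30.1.10,8211,allow
2024-11-08T09:00:05Z,tcp,10.40.7.22,10.30.1.10,8211,allow
2024-11-08T09:00:09Z,udp,10.40.7.22,10.30.1.11,8211,deny
2024-11-08T09:01:30Z,udp,192.0.2.77,10.30.1.10,8211,allow
2024-11-08T09:02:00Z,udp,10.40.7.22,10.30.1.10,53,allow
not,a,valid,record
"""

def is_management(src_ip):
    return any(src_ip in net for net in MGMT_NETS)

def unexpected_papi_flows(log_text):
    """Return UDP/8211 flows whose source is outside the management subnets."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed lines rather than abort the whole run
        ts, proto, src, dst, dport, action = (f.strip() for f in row)
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(dport)
        except ValueError:
            continue
        if proto.lower() == "udp" and port == PAPI_PORT and not is_management(src_ip):
            findings.append({"time": ts, "src": src, "dst": dst, "action": action})
    return findings

def allowed_by_source(findings):
    """Count flows that were actually let through, per source address."""
    return Counter(f["src"] for f in findings if f["action"] == "allow")

if __name__ == "__main__":
    hits = unexpected_papi_flows(SAMPLE_FLOWS)
    for h in hits:
        print(h["time"], h["src"], "->", h["dst"], h["action"])
    print(dict(allowed_by_source(hits)))
```

Flows reported with action `allow` show where the block on UDP port 8211 is not yet effective; `deny` entries confirm the filter is working and identify hosts worth a closer look.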
Other Stories
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices
Threat actors are abusing DocuSign’s legitimate API to distribute fake invoices and trick users into fraudulent payments. They’re using paid DocuSign accounts and brand impersonation to bypass email security filters and reach targets with realistic-looking requests.
These attacks bypass traditional filters because they originate from real DocuSign servers. Organizations should review their invoice approval workflows, verify sender legitimacy, and educate employees on detecting financial scams. Our Awareness Team can help develop custom training campaigns.
ToxicPanda Android Banking Trojan Targets Europe and LATAM
The ToxicPanda malware has compromised over 1,500 Android devices in Italy, Portugal, Spain, and Latin America. Based on the TgToxic family, it enables account takeovers using On-Device Fraud techniques and lacks advanced evasion features—making it dangerous but detectable.
Android’s dominant market share makes it a prime target for mobile banking fraud. Always download apps from trusted sources and be wary of installation prompts from SMS or social media. Threat actors have previously exploited the Play Store, so user awareness is key.
WARNING: Critical RCE Vulnerability in Synology Photos and BeePhotos – Patch Now
A CVSS 10.0-rated flaw (CVE-2024-10443) in Synology Photos and BeePhotos enables unauthenticated RCE, allowing attackers to gain root access and potentially deploy ransomware or exfiltrate data. It affects Synology Photos versions before 1.7.0-0795 and BeePhotos versions before 1.1.0-10053.
NAS systems are often reachable from a broad range of internal assets, such as printers and backup devices. If a NAS is exploited, attackers can pivot deeper into the network. Update immediately and monitor for unusual system activity. For major incidents, the Approach CSIRT team is on standby to support.
Contact the Approach Cyber SOC team for tailored support and training programs.