Weekly Digest Week 39 – 2024

Publication date

27.09.2024

Featured Story

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices.

The vulnerabilities (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) can be exploited by sending specially crafted packets to the PAPI (Aruba’s Access Point management protocol) UDP port (8211) to get privileged access to execute arbitrary code on vulnerable devices.

Affected software versions include:

  • AOS-10.6.x.x: 10.6.0.2 and below
  • AOS-10.4.x.x: 10.4.1.3 and below
  • Instant AOS-8.12.x.x: 8.12.0.1 and below
  • Instant AOS-8.10.x.x: 8.10.0.13 and below

SOC Analysis: These flaws can easily be weaponised, providing attackers with full control over compromised devices. Organizations should prioritise patching or apply the recommended workarounds to mitigate exposure, especially if port UDP/8211 is exposed.
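
As an added example (not from the original digest or from HPE Aruba Networking), the helper below classifies access point firmware versions against the four affected ranges listed above. The host names and inventory are constructed, and a branch the digest does not list is reported as unlisted rather than assumed safe.

```python
import re

# Highest affected build per branch, exactly as listed in the digest above.
AFFECTED_MAX = {
    (10, 6): (10, 6, 0, 2),    # AOS-10.6.x.x
    (10, 4): (10, 4, 1, 3),    # AOS-10.4.x.x
    (8, 12): (8, 12, 0, 1),    # Instant AOS-8.12.x.x
    (8, 10): (8, 10, 0, 13),   # Instant AOS-8.10.x.x
}

def parse_version(text):
    """Return the first four-part dotted version in text as a tuple of ints, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text):
    """Classify one firmware version string against the listed ranges."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    ceiling = AFFECTED_MAX.get(v[:2])
    if ceiling is None:
        # The digest says nothing about this branch: check the vendor advisory.
        return "unlisted-branch"
    # Compare as integer tuples: as strings, "8.10.0.9" would sort above "8.10.0.13".
    return "affected" if v <= ceiling else "above-listed-range"

def triage(inventory):
    """Map each host in an iterable of (host, version) pairs to its classification."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = [
    ("ap-lobby-01", "10.6.0.2"),
    ("ap-lobby-02", "10.6.0.3"),
    ("ap-wh-01", "8.10.0.9"),
    ("ap-wh-02", "8.10.0.13"),
    ("ap-lab-01", "8.12.0.2"),
    ("ap-lab-02", "10.5.1.0"),
    ("ap-x", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `affected` are the patching priority; `unlisted-branch` and `unparseable` results need a manual check against the vendor advisory.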

Other Stories

Cisco Patches High-Severity Vulnerabilities in IOS Software

Cisco has released patches for 11 vulnerabilities, including six high-severity remote DoS flaws in IOS and IOS XE. These can be exploited by sending crafted packets without authentication.

SOC Analysis: These DoS vulnerabilities are particularly dangerous for critical infrastructure. Patch your Cisco devices promptly to avoid operational disruption.

Third Ivanti Bug Comes Under Active Exploit, CISA Warns

CVE-2024-7593 is an authentication bypass in Ivanti vTM allowing attackers to gain admin access. It has been added to CISA’s Known Exploited Vulnerabilities list.

SOC Analysis: The proof-of-concept availability makes exploitation imminent. Patch Ivanti’s vTM immediately to avoid network compromise and data theft.

Safeonweb Campaign 2024: prevent 80% of hacks with two-step verification

As part of European Cybersecurity Month, CCB, Febelfin and the Cyber Security Coalition have launched a nationwide awareness campaign encouraging 2FA adoption.

SOC Analysis: Enabling 2FA adds an essential layer of security. This campaign is a great reminder to activate two-step verification on all personal and professional accounts.
