HPE Aruba Networking designs and delivers Mobility-Defined Networks that empower a new generation of tech-savvy users.

HPE Aruba Networking A.I CyberSecurity Scoring

HAN

Company Details

LinkedIn ID: aruba-a-hewlett-packard-enterprise-company
Employees number: 5,299
Number of followers: 261,409
NAICS: 5415
Industry Type: IT Services and IT Consulting
Homepage: hpe.com
IP Addresses: 0
Company ID: HPE_2803477
Scan Status: In-progress

HAN Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

HAN Company CyberSecurity News & History

Past Incidents: 7
Attack Types: 2

Aruba, a Hewlett Packard Enterprise company
Breach
Severity: 100
Impact: 5
Seen: 11/2021
Blog:
Rankiteo Explanation
Attack threatening the organization's existence

Description: Aruba Central network monitoring platforms suffered from a data breach incident that allowed a threat actor to access collected data about monitored devices and their locations. The exposed information contained two datasets, one for network analytics and the other for Aruba Central's 'Contact Tracing' feature. One dataset ("network analytics") includes network telemetry information about Wi-Fi client devices connected to customer Wi-Fi networks for the majority of Aruba Central customers. Another dataset called "contact tracing" comprised location-specific information on Wi-Fi client devices, such as which devices were close to other Wi-Fi client devices. The compromised information includes MAC addresses, IP addresses, device operating system type and hostname, and some usernames. The contact tracing data also included users’ Access Point (AP) name, proximity, and duration of time connected to that AP. HPE said it's not necessary to change passwords, change encryption keys, or modify your network setup because security-sensitive data was not compromised. To prevent a recurrence, HPE said they are modifying how they safeguard and keep access keys.

Hewlett Packard Enterprise
Breach
Severity: 85
Impact: 4
Seen: 5/2023
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: In a significant cyber incident, Hewlett Packard Enterprise (HPE) suffered a breach attributed to Russian state-backed hackers. The attackers infiltrated HPE’s systems in May 2023, which included email mailboxes and Microsoft SharePoint systems, leading to the theft of sensitive personal information. This data comprised Social Security numbers, driver’s license details, and credit card numbers. The breach reflects the growing trend of hostile nations engaging in cyber-espionage and underscores the importance of robust security measures to protect personal data.

Hewlett-Packard Enterprise (HPE)
Breach
Severity: 100
Impact: 5
Seen: 10/2016
Blog:
Rankiteo Explanation
Attack threatening the organization’s existence

Description: In October 2016, Hewlett-Packard Enterprise (HPE) experienced a significant data breach involving a compromised laptop belonging to an employee working on a U.S. Navy contract. The breach exposed sensitive information from the **Career Waypoints (C-WAY) database**, a system used by sailors to manage reenlistment requests and Navy Occupational Specialty details. The leaked data included **personal information of 134,386 current and former U.S. Navy sailors**, such as **names and Social Security numbers (SSNs)**. The incident stemmed from unauthorized access to the employee’s laptop, which contained unencrypted C-WAY records. While the exact method of compromise was not disclosed, the exposure of such highly sensitive military personnel data posed severe risks, including **identity theft, targeted phishing, and potential national security concerns**. The U.S. Navy, alongside HPE, launched an investigation, but the breach underscored critical vulnerabilities in **third-party contractor security protocols** and the handling of classified or personally identifiable information (PII). The fallout included **reputational damage to HPE**, heightened scrutiny over defense contractor cybersecurity practices, and mandatory credit monitoring for affected sailors. The breach also prompted reviews of **data encryption standards** and access controls for systems managing military personnel records.

Hewlett Packard Enterprise (HPE)
Breach
Severity: 100
Impact: 5
Seen: 5/2023
Blog:
Rankiteo Explanation
Attack threatening the organization's existence

Description: In 2024, Hewlett Packard Enterprise (HPE) disclosed a significant data breach orchestrated by the state-linked hacking group **Midnight Blizzard (APT29)**. The attackers compromised a **Microsoft 365 email account** as early as **May 2023**, remaining undetected for **seven months** until December 2023. While only a small percentage of mailboxes—primarily in **cybersecurity and business operations**—were accessed, the exposed emails contained **highly sensitive personal identifiers**, including **Social Security numbers, driver’s licenses, and payment card details**. The breach underscored the vulnerabilities of **unencrypted email systems**, as the attackers exfiltrated months of communications containing **financial reports, identity documents, and internal strategies**. Had **end-to-end encryption** been in place, the stolen data would have been rendered unusable (ciphertext) without the account owners’ private keys. The incident highlighted how **dwell time** in email breaches can lead to **massive data exposure**, as archives often span years of historical communications. HPE’s case serves as a warning that even **global enterprises** with robust security measures are not immune to **sophisticated, prolonged cyber intrusions** targeting email environments.

Hewlett Packard Enterprise (HPE)
Vulnerability
Severity: 25
Impact:
Seen: 6/2025
Blog:
Rankiteo Explanation
Attack without any consequences: Attack in which data is not compromised

Description: A critical vulnerability in HPE Aruba Networking Instant On Access Points allows attackers to bypass device authentication mechanisms completely. The flaw, tracked as CVE-2025-37103, involves hardcoded login credentials embedded within the devices’ software. This presents a severe security risk with a maximum CVSS score of 9.8. The vulnerability affects firmware 3.2.0.1 and below, potentially exposing countless enterprise networks to unauthorized administrative access. The issue was discovered through HPE Aruba Networking’s Bug Bounty program and requires an immediate firmware update to mitigate the risk.

Hewlett Packard Enterprise (HPE)
Vulnerability
Severity: 100
Impact: 5
Seen: 6/2024
Blog:
Rankiteo Explanation
Attack threatening the organization’s existence

Description: A critical vulnerability in HPE's Insight Remote Support tool allows attackers to execute code remotely on affected systems without authentication. Identified as CVE-2024-53676, the vulnerability is due to improper validation of file paths, letting attackers overwrite system files and execute arbitrary payloads with SYSTEM-level privileges. While there's a need for valid device registration credentials, and the Java process must have appropriate write permissions, a proof-of-concept exploit is available publicly, and active exploitation is considered imminent. HPE has yet to release an official patch, urging users to isolate management interfaces and monitor for unauthorized file write operations as interim mitigation.

Hewlett Packard Enterprise
Vulnerability
Severity: 100
Impact: 3
Seen: 6/2024
Blog:
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: HPE's Insight Remote Support tool has a critical vulnerability tracked as CVE-2024-53676, potentially allowing unauthenticated attackers to execute code on affected systems. The flaw allows for directory traversal attacks to overwrite system files, leading to SYSTEM-level privileges being compromised. There are currently no patches available. This vulnerability exposes organizations to significant risks, as attackers can deploy malicious payloads without authentication. The current suggested mitigations include isolating management interfaces, monitoring file operations, and analyzing SOAP traffic for suspicious activities. As exploit techniques are being refined, timely and stringent defensive measures are essential to prevent possible active exploitations that could severely impact operations and sensitive data.

Underwriter Stats for HAN

Incidents vs IT Services and IT Consulting Industry Average (This Year)

No incidents recorded for HPE Aruba Networking in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for HPE Aruba Networking in 2025.

Incident Types HAN vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for HPE Aruba Networking in 2025.

[Chart: Incident History for HAN (X = Date, Y = Severity). HAN cyber incidents detection timeline, including parent company and subsidiaries.]

HAN Similar Companies

Orange Business

At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we a

Sopra Steria, a major Tech player in Europe with 51,000 employees in nearly 30 countries, is recognised for its consulting, digital services and solutions. It helps its clients drive their digital transformation and obtain tangible and sustainable benefits. The Group provides end-to-end solutions to

LTIMindtree is a global technology consulting and digital solutions company that enables enterprises across industries to reimagine business models, accelerate innovation, and maximize growth by harnessing digital technologies. As a digital transformation partner to more than 700 clients, LTIMindtre

Softtek

Founded in 1982 by a small group of entrepreneurs, Softtek started out in Mexico providing local IT services, and today is a global leader in next-generation digital solutions. The first company to introduce the Nearshore model, Softtek helps Global 2000 organizations build their digital capabilitie

SoftServe is a premier IT consulting and digital services provider. We expand the horizon of new technologies to solve today's complex business challenges and achieve meaningful outcomes for our clients. Our boundless curiosity drives us to explore and reimagine the art of the possible. Clients conf

inDrive

inDrive is a global mobility and urban services platform. The inDrive app has been downloaded over 360 million times, and has been the second most downloaded mobility app for the third consecutive year. In addition to ride-hailing, inDrive provides an expanding list of urban services, including inte

Minsait

We are one of the world's leading consultancies in technological services for companies and the public sector. With headquarters in Spain and presence in more than 100 countries, we combine experience in AI, data, cloud and cybersecurity to help companies and organizations generate a positive impact

Verizon

We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what bri

Virtusa

Virtusa is a global product and platform engineering services company that makes experiences better with technology. We help organizations grow faster, more profitably, and more sustainably by reimagining enterprises through domain-driven solutions. We combine strategy, design, and engineering, back

HAN CyberSecurity News

October 28, 2025 07:00 AM
Tufin Strengthens AI Data Center Security Capabilities with Addition of HPE Aruba Networking Support

HPE Aruba adds to Tufin's strong support for prominent AI data center technologies including firewalls, switches, and edge devices.

October 22, 2025 07:00 AM
A-Networks partners Plexus Global to host Aruba Tech Fusion 2.0

A-Networks (Pvt) Ltd., in partnership with Plexus Global (Pvt) Ltd., a leading IT and mobility distribution company in Sri Lanka,...

August 11, 2025 07:00 AM
HPE Expands Cybersecurity and Data Protection Portfolio

HPE used the stage at Black Hat USA 2025 to announce updates aimed at strengthening enterprise cybersecurity, resilience, and compliance.

August 08, 2025 07:00 AM
HPE unveils AI-driven security & data protection updates

HPE unveils AI-driven security and data protection updates, integrating Juniper tech to boost cybersecurity and speed up enterprise backup...

August 08, 2025 07:00 AM
HPE Unveils Powerful AI Cybersecurity Tools After Juniper Deal

Hewlett-Packard Enterprise Company (NYSE:HPE) is one of the Top AI Stocks Taking Wall Street by Storm. On August 5, the company announced...

August 07, 2025 07:00 AM
HPE unveils new security tools at Black Hat USA

HPE has expanded its cybersecurity, resiliency and compliance portfolio with a range of new solutions driven by AI and other emerging...

August 07, 2025 07:00 AM
HPE Unveils New AI-Driven Security, Advanced Data Protection Solutions

Hewlett Packard Enterprise has announced a significant expansion of its cybersecurity, resiliency and compliance solutions to protect...

August 06, 2025 07:00 AM
HPE unveils integrated AI security & data protection upgrades

HPE Aruba Networking has announced a major expansion of its cybersecurity and data protection offerings, highlighting increased integration...

August 05, 2025 07:00 AM
HPE launches offerings at Black Hat to strengthen network security, data protection and cyber resiliency

Artificial intelligence was on the menu once again at Black Hat USA today, as Hewlett Packard Enterprise Co. rolled out a new,...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

HAN CyberSecurity History Information

Official Website of HPE Aruba Networking

The official website of HPE Aruba Networking is http://hpe.com/networking.

HPE Aruba Networking’s AI-Generated Cybersecurity Score

According to Rankiteo, HPE Aruba Networking’s AI-generated cybersecurity score is 753, reflecting their Fair security posture.

How many security badges does HPE Aruba Networking have?

According to Rankiteo, HPE Aruba Networking currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does HPE Aruba Networking have SOC 2 Type 1 certification?

According to Rankiteo, HPE Aruba Networking is not certified under SOC 2 Type 1.

Does HPE Aruba Networking have SOC 2 Type 2 certification?

According to Rankiteo, HPE Aruba Networking does not hold a SOC 2 Type 2 certification.

Does HPE Aruba Networking comply with GDPR?

According to Rankiteo, HPE Aruba Networking is not listed as GDPR compliant.

Does HPE Aruba Networking have PCI DSS certification?

According to Rankiteo, HPE Aruba Networking does not currently maintain PCI DSS compliance.

Does HPE Aruba Networking comply with HIPAA?

According to Rankiteo, HPE Aruba Networking is not compliant with HIPAA regulations.

Does HPE Aruba Networking have ISO 27001 certification?

According to Rankiteo, HPE Aruba Networking is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of HPE Aruba Networking

HPE Aruba Networking operates primarily in the IT Services and IT Consulting industry.

Number of Employees at HPE Aruba Networking

HPE Aruba Networking employs approximately 5,299 people worldwide.

Subsidiaries Owned by HPE Aruba Networking

HPE Aruba Networking presently has no subsidiaries across any sectors.

HPE Aruba Networking’s LinkedIn Followers

HPE Aruba Networking’s official LinkedIn profile has approximately 261,409 followers.

NAICS Classification of HPE Aruba Networking

HPE Aruba Networking is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

HPE Aruba Networking’s Presence on Crunchbase

Yes, HPE Aruba Networking has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/aruba-networks.

HPE Aruba Networking’s Presence on LinkedIn

Yes, HPE Aruba Networking maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/aruba-a-hewlett-packard-enterprise-company.

Cybersecurity Incidents Involving HPE Aruba Networking

As of December 05, 2025, Rankiteo reports that HPE Aruba Networking has experienced 7 cybersecurity incidents.

Number of Peer and Competitor Companies

HPE Aruba Networking has an estimated 36,998 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at HPE Aruba Networking?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.

How does HPE Aruba Networking detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures:
  • Remediation measures: modifying how they safeguard and keep access keys
  • Communication strategy: informed that it's not necessary to change passwords, change encryption keys, or modify your network setup
  • Containment measures: isolate management interfaces
  • Enhanced monitoring: monitor for unauthorized file write operations
  • Containment measures: isolating management interfaces, monitoring file operations, analyzing SOAP traffic for suspicious activities
  • Containment measures: upgrade firmware to version 3.2.1.0 or later
  • Remediation measures: remove hardcoded credential branch from authenticate() routine and enforce robust credential management policies
  • Network segmentation: segment management traffic to trusted administrative VLANs
  • Enhanced monitoring: audit access logs for suspicious web interface logins
  • Incident response plan activated: yes (disclosed in 2024 after detection in December 2023)
  • Communication strategy: public disclosure in 2024

Incident Details

Can you provide details on each incident?

Incident : Data Breach

Title: Aruba Central Data Breach

Description: Aruba Central network monitoring platforms suffered from a data breach incident that allowed a threat actor to access collected data about monitored devices and their locations.

Type: Data Breach

Incident : Data Breach

Title: Hewlett Packard Enterprise Breach by Russian State-Backed Hackers

Description: Hewlett Packard Enterprise (HPE) suffered a breach attributed to Russian state-backed hackers. The attackers infiltrated HPE’s systems in May 2023, which included email mailboxes and Microsoft SharePoint systems, leading to the theft of sensitive personal information. This data comprised Social Security numbers, driver’s license details, and credit card numbers. The breach reflects the growing trend of hostile nations engaging in cyber-espionage and underscores the importance of robust security measures to protect personal data.

Date Detected: May 2023

Type: Data Breach

Attack Vector: Email mailboxes, Microsoft SharePoint systems

Threat Actor: Russian state-backed hackers

Motivation: Cyber-espionage

Incident : Vulnerability Exploitation

Title: Critical Vulnerability in HPE's Insight Remote Support Tool

Description: A critical vulnerability in HPE's Insight Remote Support tool allows attackers to execute code remotely on affected systems without authentication. Identified as CVE-2024-53676, the vulnerability is due to improper validation of file paths, letting attackers overwrite system files and execute arbitrary payloads with SYSTEM-level privileges. While there's a need for valid device registration credentials, and the Java process must have appropriate write permissions, a proof-of-concept exploit is available publicly, and active exploitation is considered imminent. HPE has yet to release an official patch, urging users to isolate management interfaces and monitor for unauthorized file write operations as interim mitigation.

Type: Vulnerability Exploitation

Attack Vector: Remote Code Execution

Vulnerability Exploited: CVE-2024-53676

Incident : Vulnerability Exploitation

Title: Critical Vulnerability in HPE's Insight Remote Support Tool

Description: HPE's Insight Remote Support tool has a critical vulnerability tracked as CVE-2024-53676, potentially allowing unauthenticated attackers to execute code on affected systems. The flaw allows for directory traversal attacks to overwrite system files, leading to SYSTEM-level privileges being compromised. There are currently no patches available. This vulnerability exposes organizations to significant risks, as attackers can deploy malicious payloads without authentication. The current suggested mitigations include isolating management interfaces, monitoring file operations, and analyzing SOAP traffic for suspicious activities. As exploit techniques are being refined, timely and stringent defensive measures are essential to prevent possible active exploitations that could severely impact operations and sensitive data.

Type: Vulnerability Exploitation

Attack Vector: Unauthenticated Directory Traversal Attack

Vulnerability Exploited: CVE-2024-53676

Incident : Vulnerability Exploitation

Title: Hardcoded Credentials Vulnerability in HPE Aruba Networking Instant On Access Points

Description: A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points could allow attackers to bypass device authentication mechanisms completely. The vulnerability, tracked as CVE-2025-37103, stems from hardcoded login credentials embedded within the devices’ software, presenting a severe security risk with a maximum CVSS score of 9.8.

Date Publicly Disclosed: 2025-07-08

Type: Vulnerability Exploitation

Attack Vector: Hardcoded Credentials

Vulnerability Exploited: CVE-2025-37103

Incident : data breach

Title: 2016 U.S. Navy and Hewlett-Packard Enterprise Data Breach

Description: In October 2016, the US Navy and Hewlett-Packard Enterprise were involved in a data breach. The breach involved a compromised laptop belonging to a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract. Unauthorized individuals accessed sensitive information on current and former sailors, including data from the Career Waypoints (C-WAY) database, which contains reenlistment requests and Navy Occupational Specialty details. The breach resulted in the leak of personal data, including names and Social Security numbers of 134,386 U.S. Navy sailors.

Date Detected: 2016-10

Type: data breach

Vulnerability Exploited: compromised laptop (physical or logical access)

Incident : Data Breach

Title: Hewlett Packard Enterprise (HPE) Email Data Breach (2025)

Description: Hewlett Packard Enterprise (HPE), one of the world's largest IT companies, disclosed in 2024 that suspected state-linked hackers (Midnight Blizzard/APT29) had compromised a Microsoft 365 email account as early as May 2023. The breach remained undetected for seven months (May–December 2023), during which attackers accessed a small percentage of mailboxes in cybersecurity and business operations. Exfiltrated data included highly sensitive personal identifiers such as Social Security numbers, driver’s licenses, and payment card details. The incident underscored the critical need for end-to-end email encryption, as the lack of it allowed attackers to read messages directly despite in-transit and at-rest protections. The breach highlighted vulnerabilities in email security, long dwell times for advanced threats, and the broader risk to both enterprises and individuals from unencrypted email archives.

Date Detected: 2023-12

Date Publicly Disclosed: 2024

Type: Data Breach

Vulnerability Exploited: Lack of End-to-End Email Encryption, Compromised Microsoft 365 Account

Threat Actor: Midnight Blizzard (APT29)

Motivation: Espionage, Data Theft

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vectors identified in incidents are hardcoded credentials embedded within the device’s web interface, a compromised laptop and a compromised Microsoft 365 account.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach ARU826111122

Data Compromised: MAC addresses, IP addresses, Device operating system type, Hostname, Usernames, Access Point (AP) name, Proximity, Duration of time connected to the AP

Systems Affected: Network analytics dataset, Contact tracing dataset

Incident : Data Breach HEW000020925

Data Compromised: Social security numbers, Driver’s license details, Credit card numbers

Systems Affected: Email mailboxes, Microsoft SharePoint systems

Incident : Vulnerability Exploitation HEW411030525

Systems Affected: HPE's Insight Remote Support Tool

Incident : Vulnerability Exploitation HEW723072225

Systems Affected: HPE Networking Instant On Access Points

Operational Impact: Potential tampering or payload injection

Incident : data breach HEW513092125

Data Compromised: Names, Social security numbers

Systems Affected: Career Waypoints (C-WAY) database

Brand Reputation Impact: potential reputational damage to U.S. Navy and Hewlett-Packard Enterprise

Identity Theft Risk: high (due to exposed SSNs)

Incident : Data Breach HEW5092350092125

Data Compromised: Social security numbers, Driver’s licenses, Payment card details, Internal communications, Financial reports, Identity documents

Systems Affected: Microsoft 365 Email Environment

Operational Impact: Limited to specific mailboxes in cybersecurity and business operations

Brand Reputation Impact: High (given HPE's global enterprise status and sensitivity of compromised data)

Identity Theft Risk: High (due to exposure of PII like SSNs and driver’s licenses)

Payment Information Risk: High (payment card details compromised)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Network Telemetry Information, Location-Specific Information, Social Security Numbers, Driver’s License Details, Credit Card Numbers, Personal Identifiable Information (PII), Military Occupational Data, Personally Identifiable Information (PII), Financial Data and Internal Business Communications.

Which entities were affected by each incident ?

Incident : Data Breach ARU826111122

Entity Name: Aruba Central

Entity Type: Company

Industry: Technology

Incident : Data Breach HEW000020925

Entity Name: Hewlett Packard Enterprise

Entity Type: Corporation

Industry: Technology

Incident : Vulnerability Exploitation HEW416030525

Entity Name: HPE

Entity Type: Organization

Industry: Technology

Incident : Vulnerability Exploitation HEW411030525

Entity Name: HPE

Entity Type: Technology Company

Industry: Technology

Incident : Vulnerability Exploitation HEW723072225

Entity Name: Hewlett Packard Enterprise (HPE)

Entity Type: Organization

Industry: Technology

Incident : data breach HEW513092125

Entity Name: U.S. Navy

Entity Type: government/military

Industry: defense

Location: United States

Customers Affected: 134,386 sailors (current and former)

Incident : data breach HEW513092125

Entity Name: Hewlett-Packard Enterprise (HPE)

Entity Type: private corporation

Industry: information technology

Location: United States

Incident : Data Breach HEW5092350092125

Entity Name: Hewlett Packard Enterprise (HPE)

Entity Type: Corporation

Industry: Information Technology

Location: Global (HQ: Spring, Texas, USA)

Size: Large Enterprise

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach ARU826111122

Remediation Measures: Modifying how they safeguard and keep access keys

Communication Strategy: Informed that it's not necessary to change passwords, change encryption keys, or modify your network setup

Incident : Vulnerability Exploitation HEW416030525

Containment Measures: Isolate management interfaces

Enhanced Monitoring: Monitor for unauthorized file write operations

Incident : Vulnerability Exploitation HEW411030525

Containment Measures: isolating management interfaces, monitoring file operations, analyzing SOAP traffic for suspicious activities

Incident : Vulnerability Exploitation HEW723072225

Containment Measures: Upgrade firmware to version 3.2.1.0 or later

Remediation Measures: Remove hardcoded credential branch from authenticate() routine and enforce robust credential management policies

Network Segmentation: Segment management traffic to trusted administrative VLANs

Enhanced Monitoring: Audit access logs for suspicious web interface logins

Incident : Data Breach HEW5092350092125

Incident Response Plan Activated: Yes (disclosed in 2024 after detection in December 2023)

Communication Strategy: Public disclosure in 2024

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (disclosed in 2024 after detection in December 2023).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach ARU826111122

Type of Data Compromised: Network telemetry information, Location-specific information

Incident : Data Breach HEW000020925

Type of Data Compromised: Social security numbers, Driver’s license details, Credit card numbers

Sensitivity of Data: High

Incident : data breach HEW513092125

Type of Data Compromised: Personal identifiable information (PII), Military occupational data

Number of Records Exposed: 134,386

Sensitivity of Data: high (includes Social Security numbers)

Data Exfiltration: yes

Personally Identifiable Information: names, Social Security numbers

Incident : Data Breach HEW5092350092125

Type of Data Compromised: Personally identifiable information (PII), Financial data, Internal business communications

Sensitivity of Data: High

Data Exfiltration: Yes (months of email archives)

Data Encryption: Partial (in-transit and at-rest, but not end-to-end)

File Types Exposed: Emails, Attachments (likely including documents, spreadsheets, PDFs)

Personally Identifiable Information: Social Security Numbers, Driver’s Licenses, Payment Card Details

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: modifying how they safeguard and keep access keys; removing the hardcoded credential branch from the authenticate() routine and enforcing robust credential management policies.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through isolating management interfaces, monitoring file operations, analyzing SOAP traffic for suspicious activities, and upgrading firmware to version 3.2.1.0 or later.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach HEW5092350092125

Lessons Learned: End-to-end email encryption is critical to limit exposure even if accounts are compromised; Dwell times for advanced threats can span months or years, emphasizing the need for proactive detection; Unencrypted email archives pose a long-term risk, as they contain historical sensitive data; Individuals and enterprises must prioritize encryption, multi-factor authentication (MFA), and data hygiene (e.g., deleting old documents); Email security must evolve beyond basic protections (e.g., spam filters, passwords) to address targeted attacks.

What recommendations were made to prevent future incidents ?

Incident : Data Breach HEW5092350092125

Recommendations: Implement end-to-end encryption for all email communications; Enforce multi-factor authentication (MFA) across all accounts, especially email; Regularly audit and clean up old or unnecessary emails and attachments; Monitor for unusual account activity with advanced threat detection tools; Assume breach mentality: design security controls to limit data exposure even if perimeter defenses fail; Hold email providers accountable for baseline encryption standards.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: End-to-end email encryption is critical to limit exposure even if accounts are compromised; Dwell times for advanced threats can span months or years, emphasizing the need for proactive detection; Unencrypted email archives pose a long-term risk, as they contain historical sensitive data; Individuals and enterprises must prioritize encryption, multi-factor authentication (MFA), and data hygiene (e.g., deleting old documents); Email security must evolve beyond basic protections (e.g., spam filters, passwords) to address targeted attacks.

References

Where can I find more information about each incident ?

Incident : Vulnerability Exploitation HEW723072225

Source: HPE Aruba Networking’s Bug Bounty program

Incident : Data Breach HEW5092350092125

Source: Bleeping Computer

Incident : Data Breach HEW5092350092125

Source: MakeUseOf (MUO) - Afam Onyimadu

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at HPE Aruba Networking’s Bug Bounty program, Bleeping Computer, and MakeUseOf (MUO) - Afam Onyimadu.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach HEW5092350092125

Investigation Status: Disclosed (2024); no further updates on root cause or forensic details

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through informing them that it's not necessary to change passwords, change encryption keys, or modify your network setup, and through public disclosure in 2024.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Vulnerability Exploitation HEW723072225

Entry Point: Hardcoded credentials embedded within the device’s web interface

Incident : data breach HEW513092125

Entry Point: compromised laptop

High Value Targets: Career Waypoints (C-WAY) Database

Data Sold on Dark Web: Career Waypoints (C-WAY) Database

Incident : Data Breach HEW5092350092125

Entry Point: Compromised Microsoft 365 Account

Reconnaissance Period: Unknown (breach undetected for ~7 months)

High Value Targets: Cybersecurity Teams, Business Operations

Data Sold on Dark Web: Cybersecurity Teams, Business Operations

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability Exploitation HEW416030525

Root Causes: Improper validation of file paths

Incident : Vulnerability Exploitation HEW723072225

Root Causes: Hardcoded login credentials embedded within the devices’ software

Corrective Actions: Upgrade firmware to remove hardcoded credential branch and enforce robust credential management policies

Incident : Data Breach HEW5092350092125

Root Causes: Lack of end-to-end encryption for email content; Insufficient detection mechanisms to identify the breach for ~7 months; Targeted compromise of a high-privilege Microsoft 365 account.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: monitor for unauthorized file write operations; audit access logs for suspicious web interface logins.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Upgrade firmware to remove hardcoded credential branch and enforce robust credential management policies.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were Russian state-backed hackers and Midnight Blizzard (APT29).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in May 2023.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in 2024.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were MAC addresses, IP addresses, device operating system type, hostname, usernames, Access Point (AP) name, proximity, duration of time connected to the AP, Social Security numbers, Driver’s license details, Credit card numbers, names, Social Security numbers, Social Security Numbers, Driver’s Licenses, Payment Card Details, Internal Communications, Financial Reports and Identity Documents.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Network analytics dataset, Contact tracing dataset, Email mailboxes, Microsoft SharePoint systems, Career Waypoints (C-WAY) database and Microsoft 365 Email Environment.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were isolating management interfaces, monitoring file operations, analyzing SOAP traffic for suspicious activities, and upgrading firmware to version 3.2.1.0 or later.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were proximity, Social Security numbers, hostname, Social Security Numbers, Payment Card Details, device operating system type, IP addresses, duration of time connected to the AP, names, Driver’s license details, Financial Reports, Identity Documents, Internal Communications, Access Point (AP) name, usernames, MAC addresses, Driver’s Licenses and Credit card numbers.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 134.4K.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Email security must evolve beyond basic protections (e.g., spam filters, passwords) to address targeted attacks.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Monitor for unusual account activity with advanced threat detection tools; Enforce multi-factor authentication (MFA) across all accounts, especially email; Regularly audit and clean up old or unnecessary emails and attachments; Assume breach mentality: design security controls to limit data exposure even if perimeter defenses fail; Hold email providers accountable for baseline encryption standards; and Implement end-to-end encryption for all email communications.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Bleeping Computer, HPE Aruba Networking’s Bug Bounty program and MakeUseOf (MUO) - Afam Onyimadu.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed (2024); no further updates on root cause or forensic details.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were hardcoded credentials embedded within the device’s web interface, a compromised Microsoft 365 account and a compromised laptop.

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Unknown (breach undetected for ~7 months).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were improper validation of file paths; hardcoded login credentials embedded within the devices’ software; lack of end-to-end encryption for email content; insufficient detection mechanisms to identify the breach for ~7 months; and targeted compromise of a high-privilege Microsoft 365 account.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Upgrade firmware to remove hardcoded credential branch and enforce robust credential management policies.


Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=aruba-a-hewlett-packard-enterprise-company' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.