Blogs

Contribution by Dobias van Ingen (@Dobias van Ingen) Community, curiosity, and doing Wi-Fi properly (with a bit of fun along the way ☕️📡) If you’ve ever tried explaining co-channel contention or roaming behavior at a dinner party, you know how quickly the room empties. 😅 But put a few hundred Wi-Fi professionals in a theatre, add real deployment stories, a shared passion for getting things right, and suddenly those conversations are not just welcome, they’re the main event. That, in a nutshell, is Wi-Fi Design Day. Ahead of this year’s Wi-Fi Design Day London (April 16, 2026), I sat down with Matt Starling ...

The PHY-ast and the Fi-rious

Introduction Reliability is important, but most consumers of Wi-Fi are more like Dominic Toretto and live their life one quarter mile at a time and always want their Wi-Fi (or 10 second car) to go as fast as possible. In this post I wanted to highlight ways to consider Wi-Fi speeds and AP selection. There are many options to increase the speed or throughput of Wi-Fi and selecting the best AP for the job is important. There may be trade-offs sometimes with costs and requirements but it's always best to get the requirements for your environment set. Firstly, with all the spec sheets out there, how can you tell what AP is best for your requirements? In this ...
Introduction Wireless surveys are important in the planning, troubleshooting, and validation of a Wi-Fi deployment. The Wi-Fi software survey solutions available today are excellent in the planning and design aspect of a Wi-Fi deployment; adding the input from a survey device is critical for the troubleshooting and validation of Wi-Fi deployments. Adding a JBOR (Just a bunch of radios) to provide input from the live environment can strengthen problem finding and the validation of a deployment. Of course, calling it a JBOR is a play on words I temporarily borrowed from storage terminology like JBOD (Just a bunch of disks) and others. A survey ...
Punch your free ticket to one of the hottest events in tech, HPE Networking Days. A new era begins as HPE and Juniper Networks come together to deliver a next-generation event series designed for the innovators, builders, and hands-on pros who keep our world connected. Hey Airheads! I’m excited to share what’s coming with HPE Networking Days 2026. If you’ve attended before, you know these events are where breakthrough technology meets real-world expertise. This year, we’re taking things to a new level. For the first time, we’re bringing together the very best of HPE and Juniper Networks in one unified series, packed with deeper ...
Introduction Want to enable new Wi-Fi features in your environment? How do you confirm your clients' supported features? There are several optional features to enable on your wireless clients for the best experience. Some of the common features not generally enabled by default relate to client roaming. As a quick summary, the common roaming standards are: · 802.11r - Fast Basic Service Set Transition (FT) o Also referenced as Over-the-Air and Over-the-DS Fast Transition o Shrinks the reassociation time from seconds to tens of milliseconds through reduced authentication time. · 802.11k – Radio Resource Management ...
If you are a commercial or public-sector organization evaluating network or network security products, it is common to hear that a product is “FIPS certified” or uses “FIPS-validated cryptography” as a selling point. Sometimes commercial customers may even be told that a product is “Common Criteria validated” or “on the DoD Approved Product List,” with the implication that said product is “good enough for the intelligence community or the U.S. Army, so it’s good enough for you.” One way in which the nature of federal certifications may arise is in the context of network security. Network security refers broadly to the architectural principles and everyday ...

2026 Airheads Community MVPs

It’s time to announce the 2026 Airheads Community MVPs! Thank you to everyone who contributed and helped their peers throughout the community this year. Whether it was sharing best practices, helping troubleshoot issues, or guiding someone through a configuration change, your willingness to support others continues to make the Airheads community an incredible place to collaborate and learn. Among all of our contributors, there were several members who went above and beyond—consistently stepping in to help others, sharing deep technical knowledge, and strengthening the community through their expertise and generosity. The group of you that stood out through ...
Introduction Like many network people, I use WLAN scanner software to view surrounding wireless networks. I specifically use Wi-Fi Explorer Pro 3 by Intuitibits when I have my MacBook as a tool to scan, investigate, and troubleshoot wireless networks. Recently, from reviewing upgrade features in Version 3.9.3 (WiFi Explorer Pro 3 Release Notes - Intuitibits) of Wi-Fi Explorer Pro 3, I noticed a new feature specifically related to Aruba - Adds support for the Aruba AP Health vendor-specific element. I immediately wanted to investigate this to see what it can do, which led me to review Aruba release notes. I found that in AOS10.8 (What's New) the AP Health ...
We’re pleased to share that Airheads is expanding and welcoming new members from Juniper Networks. This next chapter builds on the strength of the community you know and trust and opens the door to even more opportunities to learn, connect, and collaborate across the networking ecosystem. We’re kicking things off with a Networking Days Roadshow event series that brings the combined expertise of HPE Aruba Networking and Juniper closer to you. As we grow, what you rely on today remains unchanged. Existing forum discussions stay exactly as they are, and all new ...
DNS Tunneling: The Hidden Highway Out of Your Network Imagine this: it’s a quiet Thursday afternoon. You’re quietly analyzing the latest threats from your EDR and firewall consoles, checking all alerts of outbound calls to strange addresses. Every one of them has been blocked. Yet, even as you sip your coffee, a vicious malware is spreading across the entire enterprise network, a crippling and expensive ransomware attack imminent. This malware is not operating in the dark: it has an open phone line back to its masters. But this line is not a TCP connection you will see on your firewall. It is passing undetected, hidden deep inside a torrent of DNS queries, ...

Meet the Community team

Hello everyone! I'm Lydia (@lright) - I've just officially joined the Communities team here at HPE as Senior Community Marketing & Operations Manager, and I'm thrilled to be here! Who am I? I am a marketer (😱 scary, I know) with a background in development and programming and a love of organization and minimalism (and fantasy 🧙 and sci-fi 🛸) that I've brought into operational roles. I'm also an Aruba Networks veteran, having started back in 2012 as our webmaster. I've been involved with the Airheads Community on and off for years - you may even have seen or met me at Aruba Atmosphere or HPE ...
Inside HPE Threat Labs: Where threats meet their match Picture this: Your phone buzzes at 6:07 a.m. A new high severity CVE drops. You haven’t even had time for your morning coffee. The questions are straightforward. What is happening? How is the attacker moving? Which control should tighten right now? That cuts to the spirit and intention of HPE Threat Labs. We aren’t here to provide a 200-page theory, but rather distill insights that can be turned into action: patch this, block that, monitor here, harden there. Say hello to the new HPE Threat Labs, our dedicated hub for security threat research and ...

Blackbyte Ransomware

Threat Description Blackbyte has been known to be a Ransomware-as-a-Service (RaaS) since July 2021. It was reported that it was used in infecting organizations in at least three US critical infrastructure sectors — government facilities, financial, and food and agriculture — as well as others outside the US. The San Francisco 49ers were attacked by BlackByte, which reportedly exfiltrated 300MB of data, none of it related to customer data. They publish stolen data on a .onion web site. Sha256: 1df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a2240779864b1a6474ad Back in October 2021, cybersecurity firm Trustwave created ...

StealC Malware

Executive Summary StealC is a commodity information‑stealer offered as Malware‑as‑a‑Service (MaaS). It emerged in early 2023 and has evolved with newer versions introducing RC4‑protected strings and traffic. It targets browser credentials, cookies, autofill data, crypto‑wallets, and messenger tokens. Distribution typically occurs via malvertising, SEO‑poisoned download sites, and phishing campaigns. Malware Family: StealC Sample SHA‑256: 95a6054ae187f3c968ad3a7832aa05c413dd00b7c6feaec42bb74349a97471b0 The analyzed sample executed a short‑lived loader that: Spawned two child binaries in the user’s Documents folder. Harvested Chromium/Firefox/Edge ...

GhostRat Malware

Threat Intelligence Report Malware Family: GhostRat Executive Summary GhostRat is a sophisticated Remote Access Trojan (RAT) known for its stealth, persistence, and modular architecture. The analyzed sample demonstrates advanced capabilities including process injection, credential harvesting, system reconnaissance, and encrypted command-and-control (C2) communication. The malware employs multiple evasion techniques and leverages legitimate tools such as PowerShell and Node.js to maintain persistence and avoid detection. Technical Analysis 1. Initial Infection Vector · The sample is a PE32 executable ...
Executive summary Lumma Stealer is a prolific, Windows‑focused infostealer offered under a malware‑as‑a‑service (MaaS) model since 2022. It targets browser credentials, cookies, crypto‑wallets and 2FA browser extensions, while employing strong anti‑analysis (anti‑VM, anti‑debug, unhooking/indirect syscalls) and resilient C2 rotation to sustain operations. Recent reporting shows active Lumma campaigns through 2024–2025 and a large‑scale disruption in May 2025 followed by a quick resurgence. [1] [2] [3] [4] Key findings · Family overview & business model. Lumma is a MaaS sold to affiliates who build ...
On March 30, 2022, a pseudonymous security researcher posted a proof of concept of a remote code execution vulnerability in the Spring framework for Java. Early speculation likened this vulnerability to last year’s log4shell vulnerability. While subsequent proofs of concept have confirmed this vulnerability, due to the conditions necessary for the attack, we believe that this vulnerability — although serious — will not have the same widespread impact as log4shell. Vulnerability Details The vulnerability is a result of the Spring framework’s data binding capability. Data binding enables the creation or modification of Java objects from the ...
Building on the momentum of HPE Discover in December and the announcement of Aruba Central’s General Availability worldwide, here comes another packed release. Here are a few that rise to the top. Application Experience Predictor, available as a new AI insight, proactively forecasts end‑user experience for major collaboration apps like Teams and Zoom and identifies the network factors most likely to degrade performance. The feature leverages intelligence from the Mist Large Experience Model (LEM), extending deeper, more contextual insights into Aruba Central as part of a cross-pollination initiative. This isn’t just another dashboard widget — it’s a ...

AgentTesla

Agent Tesla is a spyware that is capable of stealing personal data from web browsers, mail clients and FTP servers. It can also collect screenshots, videos and capture clipboard data. Recent versions of this malware are also capable of stealing personal data from VPN clients. It was being sold on the underground markets for as low as $12 up to $70 depending on the additional features. This malware has been around since 2014. This malware kit was sold online first on the website agenttela.com (defunct). It has ...
One Endpoint to Rule Them All: Securing GraphQL in Modern Network Management A deep dive on GraphQL, HPE Aruba Networking Central’s new API framework Introduction Earlier this year, HPE Networking proudly announced a long-awaited upgrade to our online network management service, New HPE Aruba Networking Central – sometimes referred to as “New Central”. HPE Aruba Networking Central released as a distinct offering with a host of new features, including a brand-new UI, revamped management dashboards, an intuitive network organization system, and to top it off – a new API framework powered by GraphQL to seamlessly coordinate user actions with backend ...