Intel, SAP, and Citrix release critical security updates

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. Apple released iCloud for Windows updates and Google pushed out fixes to Chrome. They were followed by…

Critical flaw gives attackers control of vulnerable SAP business applications

SAP has issued patches to fix a critical vulnerability (CVE-2020-6287) that can lead to total compromise of vulnerable SAP installations by a remote, unauthenticated attacker. The flaw affects a variety of SAP business solutions, including SAP Enterpri…

The potential impact of SAP security remediation

More than two thirds (68.8%) of SAP users believe their organizations put insufficient focus on IT security during previous SAP implementations, while 53.4% indicated that it is ‘very common’ for SAP security flaws to be uncovered during the audit proc…

50,000 companies running SAP installations open to attack via publicly released exploits

Two exploits publicly released in late April at the OPCDE security conference in Dubai could be leveraged to compromise a great number of SAP implementations, Onapsis has warned. A successful attack would allow remote, unauthenticated attackers to: Per…

GDPR for SAP: How to monitor personal data access?

This is the final article of the “GDPR for SAP” series devoted to the implementation of GDPR requirements in SAP environments. Today we’ll review a number of ways provided by SAP to monitor access to personal data in SAP systems. Why is it important? SAP systems are constantly changing: people come and go; the authorization concept becomes obsolete […]

The post GDPR for SAP: How to monitor personal data access? appeared first on ERPScan.

The post GDPR for SAP: How to monitor personal data access? appeared first on Security Boulevard.

Several high risk 0-day vulnerabilities affecting SAP HANA found

Onapsis discovered several high risk vulnerabilities affecting SAP HANA platforms. If exploited, these vulnerabilities would allow an attacker, whether inside or outside the organization, to take full control of the SAP HANA platform remotely, without the need of a username and password. “This level of access would allow an attacker to perform any action over the business information and processes supported by HANA, including creating, stealing, altering, and/or deleting sensitive information. If these vulnerabilities are …

36000 SAP systems exposed online, most open to attacks

ERPScan released the first comprehensive SAP Cybersecurity Threat Report, which covers three main angles: Product Security, Implementation Security, and Security Awareness. The company used its own scanning method to gather information. “Protocols used to interact with and between SAP servers are often proprietary and not well-known outside of the SAP IT world. It means that open scan resources don’t include those specific protocols in their scans,” Mathieu Geli, Director of SAP Threat intelligence, explained. “That’s …

Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk

Onapsis released new security advisories detailing vulnerabilities in SAP HANA and SAP Trex. Included in the advisories is a critical risk vulnerability that could be used to gain high privileges, allowing unrestricted access to business information, and to modify arbitrary database information. These vulnerabilities pose a potential risk to over 10,000 SAP customers running different versions of SAP HANA. “This set of advisories is unique as most of the vulnerabilities attackers can leverage are undervalued. …

SANS maps SAP cybersecurity to the CIS Critical Security Controls list

The CIS Critical Security Controls are a set of internationally recognized standards outlining the most important cyber hygiene actions that every organization should implement to protect their IT networks. They are highly regarded by the global IT community as they are developed, refined, validated, and updated by experts who pull data from a variety of public and private threat sources; and are transforming security in government agencies and other large enterprises by focusing spending on …