SAP

Pierluigi Paganini October 11, 2018
SAP October 2018 set of patches fixes first Hot News security note for SAP BusinessObjects in 5 years

SAP released its October 2018 set of patches, it includes the first Hot News security note for SAP BusinessObjects in over five years. SAP released its October 2018 set of patches that included 11 security notes, the company also released 4 updates to previously released notes. The patches include 15 notes, 2 rated Hot News and one of […]

Pierluigi Paganini September 12, 2018
September 2018 Security Notes address a total of 14 flaws in SAP products

SAP today just released the September 2018 set of Security Notes that address a total of 14 flaws in its products, including a critical flaw in SAP Business Client. The September 2018 Security Patch Day includes other 13 Security Notes, three were rated High severity, 9 Medium risk, and 1 Low severity. SAP also released 8 Support Package Notes, […]

Pierluigi Paganini August 16, 2018
SAP Security Notes August 2018, watch out for SQL Injection

SAP released security notes for August 2018 that address dozens patches, the good news is that there aren’t critical vulnerabilities. SAP issues 27 Security Notes, including 14 Patch Day Notes and 13 Support Package Notes. Seven notes are related to previously published patches. “On 14th of August 2018, SAP Security Patch Day saw the release of 12 Security Notes. […]

Pierluigi Paganini July 26, 2018
US-CERT warns of ongoing cyber attacks aimed at ERP applications

US-CERT warns of cyber attacks on ERP applications, including Oracle and SAP, and refers an interesting report published by Digital Shadows and Onapsis. US-CERT warns of cyber attacks on Enterprise resource planning (ERP) solutions such as Oracle and SAP, both nation-state actors and cybercrime syndicates are carrying out hacking campaign against these systems. The report published by […]

Pierluigi Paganini April 29, 2018
90% of the SAP customers exposed to hack due to 13 Year-Old configuration flaw

Many companies using SAP systems ignore to be impacted by a 13-year-old security configuration that could expose their architecture to cyber attacks. According to the security firm Onapsis, 90 percent SAP systems were impacted by the vulnerability that affects SAP Netweaver and that can be exploited by a remote unauthenticated attacker who has network access […]

Pierluigi Paganini April 12, 2018
SAP April 2018 Security Patch Day address critical flaws in web browser controls in SAP Business Client

SAP released the April 2018 Security Patch Day, a collection of ten security patches that also address critical vulnerabilities in web browser controls in SAP Business Client. SAP also released 2 updates to previously released security notes, one note was rated Hot News, 4 were rated High Priority, and 7 were rated Medium Priority. The most […]

Pierluigi Paganini March 16, 2018
Hacking SAP CRM by chaining 2 vulnerabilities in SAP NetWeaver AS Java

Security experts at ERPScan explained that chaining 2 flaws recently patched it is possible to hack SAP CRM systems and access sensitive data. Security experts at ERPScan discovered that chaining the exploits for two security vulnerabilities in SAP NetWeaver Application Server Java patched last month, an attacker can hack customer relationship management (CRM) systems. CRMs are […]

Pierluigi Paganini March 14, 2018
March 2018 SAP Security Patch Day addresses decade-old vulnerabilities

SAP released March 2018 SAP Security Patch Day that addresses High and Medium priority vulnerabilities in its products, including three decade-old issues in SAP Internet Graphics Server. March 2018 SAP Security Patch Day includes 10 Security Notes, three rated High priority and 7 rated as Medium priority. The company also released 17 Support Package Notes, 11 […]

Pierluigi Paganini February 15, 2018
SAP Security Notes – February 2018 addresses tens of flaws including High Risk issues

SAP Security Notes – February 2018: SAP Security Notes February 2018 addressed several vulnerabilities including High-Risk flaws. SAP has released February 2018 Patches that addressed some high-risk vulnerabilities in its software, a total of 26 Security Notes (5 high-, 19 medium- and 2 low-risk). Once again, the missing authorization check is the most common vulnerability type this month. The […]

Pierluigi Paganini August 29, 2017
Hacking SAP POS systems with a $25 Raspberry Pi

A $25 Raspberry Pi or similar tiny PCs could be used to hack SAP POS systems due to a critical vulnerability. SAP POS is client-server technology that belongs to the SAP for Retail line-up, it is widely adopted, it has been estimated that it is used by 80 per cent of the retailers in the Forbes […]