Ongoing attacks are targeting unsecured mission-critical SAP apps (Security News, April 2021)
Threat actors are targeting mission-critical SAP applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks.
SAP and cloud security firm Onapsis warned of these ongoing attacks today, and have worked in partnership with the Cybersecurity and Infrastructure Security Agency and Germany's cybersecurity agency BSI to warn SAP customers to deploy patches and survey their environments for unsecured apps.
Brute-force attacks targeting unsecured high-privilege SAP user account settings.
Patching vulnerable SAP systems should be a priority for all defenders, since Onapsis also found that attackers start targeting critical SAP vulnerabilities in less than 72 hours, with exposed and unpatched SAP apps getting compromised in less than three hours.
Immediately perform a compromise assessment on SAP applications that are still exposed to the vulnerabilities mentioned herein, or that have not been promptly secured upon the release of the relevant SAP security patches.
Immediately assess all applications in the SAP environment for risk, and immediately apply the relevant SAP security patches and secure configurations.