Security News
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the...
Large companies use ERP applications to manage business processes, including payroll and financial planning. This is precisely why bad actors are taking a renewed interest in these legacy systems - and succeeding.
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence workflows that could be exploited to get hold of access tokens and customer data. "The vulnerabilities we found could have allowed attackers to access customers' data and contaminate internal artifacts - spreading to related services and other customers' environments," security researcher Hillai Ben-Sasson said in a report shared with The Hacker News.
We spoke to Deloitte's Michael Bondar, principal and enterprise trust leader, and Shardul Vikram, chief technology officer and head of data and AI at SAP Industries and CX, about how enterprises can maintain trust in the age of AI. Organizations benefit from trust. Organizations want to be trusted by their customers, but people involved in discussions of trust often hesitate when asked exactly what trust means, he said.
Enterprise software vendor SAP has released its April 2023 security updates for several of its products, which includes fixes for two critical-severity vulnerabilities that impact the SAP Diagnostics Agent and the SAP BusinessObjects Business Intelligence Platform. In total, SAP has released 24 notes, 19 of which concern new issues of varying importance, and five are updates to previous bulletins.
Software vendor SAP has released security updates for 19 vulnerabilities, five rated as critical, meaning that administrators should apply them as soon as possible to mitigate the associated risks. The flaws fixed this month impact many products, but the critical severity bugs affect SAP Business Objects Business Intelligence Platform and SAP NetWeaver.
A recent part-owned SAP report revealed that for every 1,500 cyberattacks on SAP systems recorded between mid-2020 and March 2021, 300 were successful, with threat actors leveraging faults in unsecured applications to commit financial fraud, deploy ransomware and disrupt business operations. Any vulnerability in SAP is highly concerning owing to its impact potential - should SAP systems be attacked, the consequences can be catastrophic, cascading across multiple risk areas.
SAP runs six main Customer Influence programs accessible via a website open to thousands of members. While users can view each other's names, companies, proposals, and comments, those with knowledge of SAP's back-end can easily get hold of more information, argues SAP consultant Tobias Hofmann in his blog.
There's a trio of critical vulnerabilities, fixed on Tuesday, in SAP business applications that use the ubiquitous Internet Communication Manager: the component that gives SAP products the HTTPS web server they need to connect to the internet or talk to each other. The firm estimated that there were tens of thousands - approximately 40,000 - SAP customers running more than 10,000 potentially affected, internet-exposed SAP applications at the time of disclosure.
Security researchers from Onapsis - the security firm that specializes in security for SAP, Oracle, Salesforce, and other software-as-a-service platforms and that discovered the bugs - joined SAP in coordinating the release of a Threat Report describing the critical vulnerabilities onTuesday. As of Tuesday, Onapsis Research Labs had estimated that there were tens of thousands - approximately 40,000 - SAP customers running more than 10,000 potentially affected, internet-exposed SAP applications.