Security News

EY announced a collaboration with SAP on the innovation of industry cloud solutions, including insurance, banking, life sciences and energy and resources, to help drive clients' digital transformation. These EY solutions for SAP's industry cloud combine EY experience and knowledge in these four industries with EY industry-specific IP and integrated technology solutions.

The first of the updated Hot News notes deals with security updates for Chromium delivered with SAP Business Client - at version 90.0.4430.93, this Chromium update fixes 63 security holes. Of the high-severity security notes, two resolve three vulnerabilities in SAP Business One, all related to SAP's Chef Cookbooks, explained Onapsis, a firm that specializes in securing Oracle and SAP applications.

These solutions are integrated with SAP Extended Warehouse Management, with a second integration available for Ivanti Velocity Web Browser with SAP S/4HANA. The solutions enable customers in warehousing, transportation, logistics and retail organizations to increase productivity and deliver enhanced, consistent user experiences across devices. In addition to their availability on SAP Store, the SAP Integration and Certification Center has certified that Ivanti Speakeasy 1.0 and Ivanti Velocity 2.1 integrate with SAP S/4HANA using standard integration technologies.

SNP has announced three CrystalBridge solution packages for moving SAP workloads to the cloud and for S/4HANA. Addressing customer needs for cloud and SAP S/4HANA migrations, delayed due to prerequisite projects, delivery risks, and high migration costs, SNP introduced three packaged solutions that compress project timelines, contain fees, and minimize business downtime during cutover for these initiatives. The new package options include SAP ECC landscape migration to the cloud, including application upgrades, database re-platforming, and Unicode conversions; selective data transition for ECC landscapes; and cloud migration from SAP ECC to S/4HANA. Proof of concept options for each of the packages are also available.

Accenture and SAP are expanding their decades-long partnership to help companies embed sustainability across the full spectrum of their business operations - from strategy to execution - to unlock new value throughout their enterprises and in their value and supply chains. Combining SAP technology with Accenture's Sustainability Services and broad industry knowledge, the partners are expanding their alliance to jointly create new solutions that can empower companies to accelerate their progress on fully de-carbonizing their supply chains and capture their share of the projected $4.5 trillion economic growth that the circular economy could bring.

One of these updates refers to a vulnerability that impacts SAP Business Client, a user interface that acts as an entry point to various SAP business applications. SAP also delivered an update that fixes a remote code execution bug in SAP Commerce used to organize product information for distribution across multiple communication channels.

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.

SAP applications are getting compromised by skilled attackersNewly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. MindAPI makes API security research and testing easierSecurity researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier.

Accenture is collaborating with SAP on a unique joint initiative to design, develop and deliver new cloud-based capabilities that strengthen existing SAP Intelligent Asset Management solutions. Accenture is bringing its industry-specific assets and knowledge to extend asset management solution functionality, helping companies in industries such as energy, life sciences and natural resources improve performance by shifting maintenance strategies from reactive to proactive.

SAP and Onapsis jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting unprotected mission-critical SAP applications. Both companies note that many organizations still have not applied relevant mitigations that have long been provided by SAP. Customers who fail to apply these protective measures and allow unprotected SAP applications to continue to operate put themselves and their business at risk.