SAP Patch Day July 2020 shocked the customer community of SAP SE. Although everyone assumed that zero-days with a high-risk potential of exploitation exist, the recent Patch Day has delivered evidence. Read more to understand what you should do as the next best action to protect your enterprise.
We are rapidly approaching summer vacation. Despite the holiday season the SAP Security Response team remains very active also with this months patchday. Today, the 14th of July 2020, 7 new patches and 2 updates to existing patches have been released.
Gear up your SAP Logon process using 2 factor authentification. 2FA, typically demands two components to co-exist, in the same place, at the time of login. In practice, this typically means the end-user has a physical device such as a SmartCard, and a memorized PIN number.
In information technology, compliance and security are inseparable. For SAP systems, this relatively simple relationship between compliance and security becomes a little bit more complicated, read more to learn about the reasons.
Selecting a specialized solution for each security area, however, has some limitations. A holistic approach offers additional benefit that is required to gain insight into potential risks and to offer full transparency of the security posture.
Latest addition to the SecurityBridge suite is a fully integrated interface monitor, which visualizes RFC interface connectivity across your SAP landscape. Through a bird’s eye view security critical traffic and vulnerable interfaces can easily be spotted.
On the 9th of June 2020 the SAP Product Security Response Team released 18 patches out of which 1 contains an update from a previous release. Every second Tuesday of the month the team publishes corrections and recommendations, which fix known vulnerabilities discovered within SAP products.
Over and over again we see attackers who have gained unauthorized access to a system by spending a significant amount of time spying out relevant SAP data, unnoticed by the victim organization. In a recent incident, we identified a large number of information gathering and data collection activities carried out by a threat actor prior to the exfiltration of sensitive data - which, if leaked, would inevitably lead to reputation and/or financial loss for the organization.
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.