Security News

Articles that share relevant insights into security news, operations, recent incidents and data breaches, and that also provide guidance for enterprises running SAP.

Security Patching SAP

Virtual patching – especially attractive to SAP customers?

SAP systems are, without doubt, part of companies' critical infrastructure. Yet enterprises struggle with the timely implementation of patches. In this article, we provide a deep dive into the challenges and a reminder of how patching an SAP NetWeaver application works.

Security Operation Center

Why CISA strongly recommends monitoring SAP?

The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations immediately apply patches, and in situations where patches cannot be applied, CISA recommends “closely monitoring your SAP NetWeaver AS for anomalous activity”.

The week after SAP RECON [CVE-2020-6287]

SAP Patch Day July 2020 shocked the customer community of SAP SE. Although everyone assumed that zero-days with a high potential for exploitation exist, the recent Patch Day has delivered the evidence. Read more to understand what your next best action should be to protect your enterprise.

2FA for SAP, and how to hack it

Gear up your SAP Logon process using two-factor authentication. 2FA typically demands that two components co-exist in the same place at the time of login. In practice, this typically means the end user has a physical device, such as a SmartCard, and a memorized PIN.

Ensuring SAP compliance

In information technology, compliance and security are inseparable. For SAP systems, this relatively simple relationship between compliance and security becomes a little more complicated. Read more to learn about the reasons.

Hunting those hiding in the shadows

Over and over again we see attackers who have gained unauthorized access to a system by spending a significant amount of time spying out relevant SAP data, unnoticed by the victim organization. In a recent incident, we identified a large number of information gathering and data collection activities carried out by a threat actor prior to the exfiltration of sensitive data – which, if leaked, would inevitably lead to reputation and/or financial loss for the organization.

HanaCloud

Challenges in securing S/4HANA®

Quite a few SAP customers are currently migrating their systems to the new S/4HANA platform. This represents a great opportunity to re-think security and harden S/4HANA right from the outset. However, there are several challenges to securing S/4HANA. Despite sharing numerous settings with the “old” SAP Business Suite, some things are fundamentally different in S/4HANA.

SAP Identity Theft

SAP Identity Theft is when someone steals your account details and then uses them to execute unauthorized transactions on your behalf. Identity theft is one of the fastest-growing crimes in the world today. Enterprises should educate their users with some basic rules to help protect their identities.

Staying ahead of attackers

Being reactive is simply not enough. If threat actors didn’t innovate, security providers wouldn’t need to either. It’s their ability to imagine new ways to hurt us, and then execute them at speed, that has left us trying to guess the next move.