TRENDING TAGS
Cybersecurity and application security is a trend-driven field. While attackers continue to improve their attack techniques, defenders need to pay attention to these new trends. Follow our trending tags for information on specific topics.
- #patch, #sapsecurity
SAP Security Patch Day – April 2022
Today, 12th of April 2022, SAP Security Patch Day revealed 22 new Security Notes for the SAP product portfolio. Including Spring4Shell correction and Log4j update.
- #patch, #sapsecurity
SAP Security Patch Day – March 2022
Today, March 8, 2022, SAP has again released security updates to the comprehensive SAP product portfolio. The release counts 16 security patches released by SAP. This includes the notes that have been updated.
- #patch, #sapsecurity
SAP Security Patch Day – February 2022
It seems like a bizarre coincidence that today, February 8th, is not only the second SAP Security Patch Day of the year but it's also Safe Internet Day! SAP security surely contributes!
- #patch, #sapsecurity
How to secure the SAP Internet Communication Manager (SAP ICM)?
Once the SAP Internet Communication Manager (ICM) was activated in transaction SMICM, the SAP NetWeaver Application Server provides a web server that serves as the foundation for web-based SAP technologies like Fiori, WebDynpro, or Business Server Pages (BSP). Read the article to learn how to secure the SAP ICM.
- #patch, #sapsecurity
Understand and reduce the Attack Surface
Knowing the attack surface in today’s world is very important to reduce the risk of exploitation of the so-called unknown unknown. Organizations need to assume that any application, also the enterprise-critical solutions from SAP, contains a severe vulnerability that can’t be patched since no patch is available. Waiting for the moment the vulnerability gets published and patched by the software vendor, may not be a safe bet, ...
- #patch, #sapsecurity
SAP Security Patch Day – January 2022
On January 11, 2022, we celebrate the first SAP Security Patch Day of the year. We wish all those responsible for securing SAP a good and secure start in 2022. Unfortunately, the new year begins as the old year ended, with even more SAP vulnerabilities.
- #patch, #sapsecurity
SAP Supply Chain Attack
What is a Supply chain attack vulnerability using the SAP Transport Management System? SAP transport content can be adjusted after being exported and passing through test deployment and QA processes. Learn why it is crucial to protect your SAP digital backbone.
- #patch, #sapsecurity
SecurityBridge identified Supply Chain Vulnerability in SAP Transport System
Supply chain attacks are a new type of threat that targets software development departments and vendors. SecurityBridge has now identified a methodology that allows internal attackers without privileged rights to intervene undetected in the SAP soft-ware distribution process.
- #log4j, #patch, #sapsecurity
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation in SAP Systems
The Log4j is a Java-based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution (RCE) vulnerability. An attacker can leverage this vulnerability to take full control of a targeted machine.
Latest Resources
- White Paper
Your Road to SAP Security
Download the White Paper "YOUR ROAD TO SAP SECURITY" to learn about the major milestones towards increasing the cybersecurity posture of your SAP systems.
- White Paper
Top mistakes to avoid in SAP security
Within this whitepaper you will learn about the key mistakes that can be avoided when it comes to SAP Security. History has shown that many companies have suffered from cyber incidents, moreover, not all incidents are reported or have been made available to the public.
- Report
SAP Security Product Comparison Report
Download the SAP Security Product Comparison Report and understand that holistic security for SAP can be delivered by a single solution.
- Video
How remote working affects your SAP security posture
In our webinar on May 7th, we showcased a potential attack on an SAP system, using techniques which are common tools among hackers. Using a password spray attack, we first tried to gain access to the system and subsequently extracted the password hashes of all users.