On 8th of September 2020, SAP Security Patch Day saw the release of 10 new Security Notes. There were 6 updates to previously released Security Notes. We strongly recommend to carefully revisit the September release as critical vulnerabilities have been resolved.
Article on SAP security, best-practices and security advisories.
HyperLogging introduces a new capability for SAP endpoints. Once enabled is collects all relevant data sources which are relevant for forensic analysis of incidents.
Despite the holiday season the SAP Security Response team remains very active as we see with the August patch day. On 11th of August 2020 15 new Security Notes have been released. There was 1 updated to the CVSS-10 vulnerability already released last month.
The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations immediately apply patches, and in situations where patches cannot be applied, CISA recommends “closely monitoring your SAP NetWeaver AS for anomalous activity”.
SAP Patch Day July 2020 shocked the customer community of SAP SE. Although everyone assumed that zero-days with a high-risk potential of exploitation exist, the recent Patch Day has delivered evidence. Read more to understand what you should do as the next best action to protect your enterprise.
We are rapidly approaching summer vacation. Despite the holiday season the SAP Security Response team remains very active also with this months patchday. Today, the 14th of July 2020, 7 new patches and 2 updates to existing patches have been released.
Gear up your SAP Logon process using 2 factor authentification. 2FA, typically demands two components to co-exist, in the same place, at the time of login. In practice, this typically means the end-user has a physical device such as a SmartCard, and a memorized PIN number.
Selecting a specialized solution for each security area, however, has some limitations. A holistic approach offers additional benefit that is required to gain insight into potential risks and to offer full transparency of the security posture.
Latest addition to the SecurityBridge suite is a fully integrated interface monitor, which visualizes RFC interface connectivity across your SAP landscape. Through a bird’s eye view security critical traffic and vulnerable interfaces can easily be spotted.
On the 9th of June 2020 the SAP Product Security Response Team released 18 patches out of which 1 contains an update from a previous release. Every second Tuesday of the month the team publishes corrections and recommendations, which fix known vulnerabilities discovered within SAP products.