Tag: sap
-
Hardening browser security with zero-trust controls
Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust
1. Identity-first access control: Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
-
Patch Day from Microsoft, SAP & Co: What is Patch Day?
First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-der-patchday-a-e4fc5ad550cb9fd8bfa6838fc13f2be6/
-
Early-warning system for SAP: Onapsis integration turns Microsoft Sentinel into the SAP security hub
First seen on security-insider.de Jump to article: www.security-insider.de/onapsis-microsoft-integriertes-sap-sicherheitsmonitoring-a-da35a1c6955dcbd2ea851de915a779b6/
-
Asda’s ‘self-inflicted’ SAP mess after Walmart divorce stalls financial revival
Overbudget Project Future will continue to cause problems into Q2 next year, chairman admits First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/asda_walmart_tech_divorce/
-
Bundeswehr S/4Hana: SAP admits poor software quality
Tags: sap
According to the Ministry of Defense, the special S/4Hana for the Bundeswehr cannot be accepted. It is one of the largest SAP system landscapes in all of Europe. First seen on golem.de Jump to article: www.golem.de/news/bundeswehr-s4-hana-sap-raeumt-mangelnde-softwarequalitaet-ein-2511-202718.html
-
IT consultancy entplexit relies on SecurityBridge for more SAP security
The threat situation for mid-sized companies has intensified massively in recent years. Cyberattacks are becoming more targeted and more complex, while the potential attack surfaces in extensive SAP landscapes are growing at the same time. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/it-beratungshaus-entplexit-setzt-auf-securitybridge-fuer-mehr-sap-sicherheit/a42952/
-
SAP Patch Day November 2025: Hard-coded credentials in SAP SQL Anywhere Monitor
First seen on security-insider.de Jump to article: www.security-insider.de/sap-patchday-november-2025-netweaver-updates-a-eb27ea246e5170fe07d2e383e2c6276c/
-
SAP Patches Severe Code Injection Flaw Enabling System Takeover
SAP’s latest emergency patches reveal how one critical flaw in core management systems can expose an entire enterprise to takeover. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/sap-patches-severe-code-injection-flaw-enabling-system-takeover/
-
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
The CVE-2025-42887 vulnerability, rated 9.9, allows code injection through Solution Manager, giving attackers full SAP control; an urgent patch is needed to block system takeover. First seen on hackread.com Jump to article: hackread.com/sap-patch-cve-2025-42887-takeover-vulnerability/
-
Retail giant Kingfisher rejects SAP ERP upgrade plan
Tags: sap
‘Don’t just give me a price list or licensing module that spikes cost by 20x, show me the value,’ says CTO First seen on theregister.com Jump to article: www.theregister.com/2025/11/12/retail_giant_kingfisher_says_no/
-
SAP fixed a maximum severity flaw in SQL Anywhere Monitor
SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key…
-
SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor
SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-hardcoded-credentials-flaw-in-sql-anywhere-monitor/
-
SAP Releases Security Update to Fix Critical Code Execution and Injection Flaws
SAP has released a significant security update addressing 18 new vulnerabilities across its enterprise software portfolio, including several critical flaws related to code execution and data injection. This monthly security patch day features four high-severity vulnerabilities that require immediate attention from organizations utilizing SAP infrastructure. The most severe vulnerabilities have a CVSS score of 10.0,…
-
SAP users still wrestling with business case for S/4HANA
A decade later, ERP giant struggles to convince legacy customers to upgrade First seen on theregister.com Jump to article: www.theregister.com/2025/10/17/sap_s4hana_business_case/
-
SAP zero-day wake-up call: Why ERP systems need a unified defense
In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/sap-zero-day-security-video/
-
Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack
Plus: Adobe, SAP, Ivanti offer treats, not tricks First seen on theregister.com Jump to article: www.theregister.com/2025/10/14/microsoft_october_2025_patch_tuesday/
-
SAP Patch Day October 2025: 10.0 vulnerability in SAP NetWeaver is patched again
First seen on security-insider.de Jump to article: www.security-insider.de/sap-patchday-oktober-2025-netweaver-updates-a-293e84f7bbc70e6f65cf25c84b1d65b0/
-
SAP fixed maximum-severity bug in NetWeaver
SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution. SAP addressed 13 new vulnerabilities, including a maximum severity issue, tracked as CVE-2025-42944 (CVSS score of 10.0) in SAP NetWeaver. The vulnerability is an insecure deserialization that could lead to arbitrary command execution. "Due to a deserialization…
-
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. "Due to a deserialization vulnerability in…
-
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets. Rated Medium severity with a 5.3 CVSS 3.1 score, the flaw stems from a NULL pointer dereference that triggers memory corruption and process termination. Affected versions include all supported releases…

