Tag: sap

SAP-Sicherheit und Berechtigungsmanagement – Wie cyberresilient ist SAP GRC wirklich?

Jan 29, 2026 9:23 AM

Tags: grc, sap

First seen on security-insider.de Jump to article: www.security-insider.de/sap-grc-haerten-firefighter-eam-sap-sicherheit-a-fb9b70538a1c5da4fd6f0928ba449fed/
Critical CERT-In Advisories January 2026: SAP, Microsoft, and Atlassian Vulnerabilities

Jan 27, 2026 8:20 AM

Tags: finance, flaw, identity, microsoft, sap, tool, vulnerability, windows

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity advisories exposing critical flaws across SAP, Microsoft, and Atlassian, the very platforms that run finance systems, identity layers, developer pipelines, and collaboration tools inside most enterprises. These weren’t theoretical bugs. One Windows vulnerability was already being exploited……
Technische Härtung, Identity Controls und Detektion für SOC-Betrieb – Initiale Sicherheitskonfiguration von SAP S/4HANA

Jan 23, 2026 11:31 AM

Tags: control, identity, sap, soc

First seen on security-insider.de Jump to article: www.security-insider.de/sap-s4hana-initiale-sicherheitskonfiguration-a-5b0099d45e74f0640dccb4370b99f649/
Zero-Day-Lücke in SAP NetWeaver – Von der Lücke zur Welle: Was CVE-2025-31324 über ERP-Exploits verrät

Jan 22, 2026 11:30 AM

Tags: cve, exploit, sap, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/cve-2025-31324-sap-netweaver-exploit-welle-a-9c97284841d692acc3069a5864c52c5b/
Five Chrome Extensions Used to Hijack Enterprise HR and ERP Systems

Jan 19, 2026 11:13 AM

Tags: browser, chrome, control, cyber, malicious, sap, threat

Socket’s Threat Research Team has uncovered a coordinated Chrome extension campaign targeting enterprise HR and ERP platforms, including Workday, NetSuite, and SAP SuccessFactors. Five malicious extensions, collectively installed over 2,300 times, work together to steal session tokens, block security controls, and enable complete account takeover through session hijacking. Four of the extensions are published under…
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention

Jan 14, 2026 7:11 PM

Tags: access, attack, authentication, browser, cloud, cve, cvss, cyber, exploit, flaw, injection, ivanti, kev, malicious, microsoft, monitoring, oracle, remote-code-execution, risk, sap, service, sql, startup, threat, update, vulnerability, windows, zero-day

More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.Strategic focus…
SAP January 2026 Security Patch Day Fixes Critical Injection and RCE Flaws

Jan 13, 2026 8:02 PM

Tags: attack, cyber, flaw, injection, rce, remote-code-execution, sap, sql, threat, update, vulnerability

SAP released 17 new security notes on January 13, 2026, addressing vulnerabilities affecting widely deployed enterprise systems. The patch day includes four critical-severity flaws spanning SQL injection, remote code execution, and code injection attacks that could allow authenticated and unauthenticated threat actors to compromise SAP environments. Critical Vulnerabilities Demand Immediate Attention The most severe vulnerabilities…
SAP Defense in Focus as Zerlang Takes Over at SecurityBridge

Jan 13, 2026 1:02 AM

Tags: ceo, defense, risk, sap

New CEO Jesper Zerlang Plans Global Growth, US Push and Vertical Expansion. Former Logpoint chief Jesper Zerlang, now CEO at SecurityBridge, says SAP security remains a weak link in enterprise risk strategies. As CEO of SecurityBridge, he’s launching a global expansion and leaning into the company’s product differentiators to fill the gap. First seen on…
Stress caused by cybersecurity threats is taking its toll

Jan 5, 2026 7:52 PM

Tags: awareness, breach, cio, cyber, cyberattack, cybersecurity, defense, detection, group, incident, jobs, mfa, password, phishing, ransomware, resilience, risk, sap, service, social-engineering, threat

The roots of cyber stress: Cyber employees can feel pressure for a number of reasons. Many sense they have to maintain a constant state of vigilance to spot any phishing, ransomware and social engineering threats that come in. Many fear that one wrong click, by them or by a colleague, could compromise the company and…
SAP Patchday Dezember 2025 – Drei kritische Sicherheitslücken zum letzten SAP-Patchday 2025

Dec 16, 2025 8:19 AM

Tags: sap

First seen on security-insider.de Jump to article: www.security-insider.de/sap-patchday-dezember-2025-updates-a-de8d1d449d90f0b75141391e402251b4/
Personal Branding geht auch ohne Agentur

Dec 10, 2025 6:32 AM

Tags: business, germany, sap, vmware

Das Experten-Netzwerk rückt Ihr Fachwissen in den Fokus optimal präsentiert auf unseren B2B-Plattformen.Was gut ist, kommt bekanntlich wieder. So auch das Experten-Netzwerk von CSO Deutschland, Computerwoche und CIO.de. Selbst wenn Sie davon noch nie zuvor etwas gehört haben: Vertrauen Sie uns, dieses Comeback ist eine gute Sache! Personal Brand als Experte ausbauen Denn das deutschsprachige…
Personal Branding geht auch ohne Agentur

Dec 10, 2025 6:32 AM

Tags: business, germany, sap, vmware

Das Experten-Netzwerk rückt Ihr Fachwissen in den Fokus optimal präsentiert auf unseren B2B-Plattformen.Was gut ist, kommt bekanntlich wieder. So auch das Experten-Netzwerk von CSO Deutschland, Computerwoche und CIO.de. Selbst wenn Sie davon noch nie zuvor etwas gehört haben: Vertrauen Sie uns, dieses Comeback ist eine gute Sache! Personal Brand als Experte ausbauen Denn das deutschsprachige…
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Dec 10, 2025 6:32 AM

Tags: authentication, cve, exploit, flaw, fortinet, ivanti, sap, vulnerability

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and First seen…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
SAP fixes three critical vulnerabilities across multiple products

Dec 10, 2025 12:32 AM

Tags: sap, update, vulnerability

SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sap-fixes-three-critical-vulnerabilities-across-multiple-products/
SAP Issues Critical Patches for Major Code Execution Flaws

Dec 9, 2025 5:32 PM

Tags: flaw, sap, vulnerability

SAP has issued new security notes and patches for vulnerabilities that could enable code execution and system compromise. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/sap-issues-critical-patches-for-major-code-execution-flaws/
How Chinese-owned Radisson Hotel Group split US enterprise resource planning

Dec 9, 2025 5:32 PM

Tags: china, computer, conference, group, sap

During the UK and Ireland SAP user group conference in Birmingham, Computer Weekly met with the SAP platform lead at Radisson Hotel Group First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636253/How-Chinese-owned-Radisson-Hotel-Group-split-US-enterprise-resource-planning
SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver More

Dec 9, 2025 2:32 PM

Tags: cyber, flaw, sap, update, vulnerability

SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high”‘severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support Portal and apply the patches without delay to protect their SAP environments. The most serious…
SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver More

Dec 9, 2025 2:32 PM

Tags: cyber, flaw, sap, update, vulnerability

SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high”‘severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support Portal and apply the patches without delay to protect their SAP environments. The most serious…
Hardening browser security with zero-trust controls

Dec 5, 2025 6:32 PM

Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust

1. Identity-first access control Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
Patchday von Microsoft, SAP & Co – Was ist der Patchday?

Dec 5, 2025 1:32 PM

Tags: microsoft, sap

First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-der-patchday-a-e4fc5ad550cb9fd8bfa6838fc13f2be6/
Frühwarnsystem für SAP – Onapsis-Integration macht Microsoft Sentinel zur SAP-Sicherheitszentrale

Dec 2, 2025 9:49 AM

Tags: microsoft, sap

First seen on security-insider.de Jump to article: www.security-insider.de/onapsis-microsoft-integriertes-sap-sicherheitsmonitoring-a-da35a1c6955dcbd2ea851de915a779b6/
Asda’s ‘self-inflicted’ SAP mess after Walmart divorce stalls financial revival

Dec 1, 2025 3:49 PM

Tags: finance, sap

Overbudget Project Future will continue to cause problems into Q2 next year, chairman admits First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/asda_walmart_tech_divorce/
Bundeswehr S/4Hana: SAP räumt mangelnde Softwarequalität ein

Nov 29, 2025 11:49 AM

Tags: sap

Laut Verteidigungsministerium kann das spezielle S/4Hana für die Bundeswehr nicht abgenommen werden. Es ist eine der größten SAP-Systemlandschaften in ganz Europa. First seen on golem.de Jump to article: www.golem.de/news/bundeswehr-s4-hana-sap-raeumt-mangelnde-softwarequalitaet-ein-2511-202718.html
Bundeswehr S4/Hana: SAP räumt mangelnde Softwarequalität ein

Nov 28, 2025 2:49 PM

Tags: sap

Laut Verteidigungsministerium kann das spezielle S4/Hana für die Bundeswehr nicht abgenommen werden. Es ist eine der größten SAP-Systemlandschaften in ganz Europa. First seen on golem.de Jump to article: www.golem.de/news/bundeswehr-s4-hana-sap-raeumt-mangelnde-softwarequalitaet-ein-2511-202718.html
IT-Beratungshaus entplexit setzt auf SecurityBridge für mehr SAP-Sicherheit

Nov 25, 2025 12:49 PM

Tags: cyberattack, sap

Die Bedrohungslage im Mittelstand hat sich in den vergangenen Jahren massiv verschärft. Cyberangriffe werden gezielter und komplexer, gleichzeitig wachsen die potenziellen Angriffsflächen in umfangreichen SAP-Landschaften. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/it-beratungshaus-entplexit-setzt-auf-securitybridge-fuer-mehr-sap-sicherheit/a42952/
SAP Patchday November 2025 – Fest kodierte Anmeldedaten im SAP SQL Anywhere Monitor

Nov 18, 2025 7:49 AM

Tags: sap, sql

First seen on security-insider.de Jump to article: www.security-insider.de/sap-patchday-november-2025-netweaver-updates-a-eb27ea246e5170fe07d2e383e2c6276c/
SAP Patches Severe Code Injection Flaw Enabling System Takeover

Nov 13, 2025 8:50 PM

Tags: flaw, injection, sap

SAP’s latest emergency patches reveal how one critical flaw in core management systems can expose an entire enterprise to takeover. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/sap-patches-severe-code-injection-flaw-enabling-system-takeover/