Tag: sap
-
SAP Patch Day July 2025 – 6 critical vulnerabilities on SAP Patch Day
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-sap-juli-2025-a-80c3bdf40973d33618541a8764f73bdc/
-
Part 2: Core aspects of an SAP cybersecurity program – Cybersecurity for SAP: Implementation in practice
First seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheit-fuer-sap-schutz-geschaeftskritische-daten-a-a43f3ff17bd0a3e9efed3c380b33bef1/
-
Microsoft developer ported vector database coded in SAP’s ABAP to the ZX Spectrum
The mighty Z80 processor ran the code at astounding speed, proving retro-tech got a lot of things right First seen on theregister.com Jump to article: www.theregister.com/2025/07/08/sap_abap_db_spectrum_port/
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windows
“Network security: Allow PKU2U authentication requests to this computer to use online identities”. Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability. The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
SAP July 2025 Patch Day: Fixes for 27 Flaws, Including 7 Critical
SAP released critical security updates on July 8, 2025, addressing 27 vulnerabilities across its enterprise software portfolio, with seven classified as critical-severity flaws. The monthly Security Patch Day also included three updates to previously released security notes, underscoring the ongoing security challenges facing enterprise software environments. The most severe vulnerability, CVE-2025-30012, affects SAP Supplier Relationship Management’s…
-
Has CISO become the least desirable role in business?
Tags: advisory, ai, business, cio, ciso, control, corporate, cybersecurity, data, dora, finance, governance, international, jobs, network, office, regulation, resilience, risk, sap, skills, startup, threat
George Gerchow, CSO, Bedrock Security: “I’ll never report to a CTO or CFO again. I have to have a seat at the table,” he says emphatically. Otherwise, he says, you become frustrated “because you’re not in control of your own destiny. You’re parsing everything to this other person who’s a leader in…
-
Part 1: Most common vulnerabilities and typical attacks – Cybersecurity for SAP: Fundamentals & best practices
First seen on security-insider.de Jump to article: www.security-insider.de/sap-sicherheit-herausforderungen-best-practices-a-1201b8b36ac5604dd37822c6a593cdb7/
-
Breach Roundup: UK NHS Links Patient Death to Ransomware Attack
Also, O Canada, Oh Brother and More Probable Chinese Hacking. This week, ransomware kills, Salt Typhoon hit Canada, Russian backdoors, SAP and Citrix patches, China hackers in the oil and energy sector. Brother printers have an unfixable flaw. Ransomware hit a U.S. dairy cooperative. Hackers in Albania and Oxford. European lawmakers heard cybersecurity advice. First…
-
SAP vulnerabilities put Windows user data at risk
Tags: access, compliance, cve, cvss, cyberattack, encryption, fortinet, GDPR, PCI, phishing, risk, sap, spear-phishing, update, vulnerability, windows
Vulnerabilities in SAP GUI expose sensitive data through weak or missing encryption. Researchers Jonathan Stross of Pathlock and Julian Petersohn of Fortinet warn of two new vulnerabilities in an SAP GUI feature that is responsible for storing user input in the Windows (CVE-2025-0055) and Java (CVE-2025-0056) versions. As a result, sensitive information such as usernames,…
-
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January First…
-
SAP GUI flaws expose sensitive data via weak or no encryption
Tags: attack, breach, cve, data, encryption, exploit, flaw, phishing, sap, spear-phishing, threat, update, vulnerability, windows
The impact could be much greater: Dani noted that a breach through these vulnerabilities can facilitate further targeted attacks. “Not undermining the fact that this extracted data provides attackers with enough gunpowder for reconnaissance activities, a threat actor could comprehend organizational structure, usage patterns, and system configurations from the exploitation of these vulnerabilities and weaponize…
-
XOR Marks the Flaw in SAP GUI
The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user’s input history feature. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/xor-flaw-sap-gui
-
SAP GUI Input History Found Vulnerable to Weak Encryption
Two SAP GUI vulnerabilities have been identified exposing sensitive data due to weak encryption in input history features First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-gui-vulnerable-weak-encryption/
-
Companies realigning their SAP strategy – Sufficient leeway despite cloud as a priority
First seen on security-insider.de Jump to article: www.security-insider.de/ausreichend-spielraum-trotz-cloud-als-prioritaet-a-3f24477954dab9170972590515cff9a2/
-
Europe’s cloud datacenter ambition ‘completely crazy’ says SAP CEO
Christian Klein sees little benefit from trying to compete with the dominant hyperscalers First seen on theregister.com Jump to article: www.theregister.com/2025/06/09/europes_cloud_datacenter_ambition/
-
SAP June 2025 Security Patch Day fixed critical NetWeaver bug
SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch released in June 2025 Security Patch. SAP June 2025 Security Patch addressed a critical NetWeaver vulnerability, tracked as CVE-2025-42989 (CVSS score of 9.6), allowing threat actors to bypass authorization checks and escalate their privileges. >>RFC inbound processing does not perform…
-
SAP NetWeaver Vulnerability Allows Attackers to Escalate Privileges
A critical vulnerability in the SAP NetWeaver Application Server AS ABAP has been disclosed under SAP Security Note #3600840, carrying a near-maximum CVSS score of 9.6. This flaw, rooted in a Missing Authorization Check within the Remote Function Call (RFC) framework, poses a severe risk to system integrity and availability. Authenticated attackers can exploit this…
-
Severe SAP NetWeaver Vulnerability Allows Attackers to Bypass Authorization Checks
SAP has released nineteen security patches in its June Patch Day, addressing critical vulnerabilities that could allow attackers to bypass authorization controls and escalate privileges across multiple enterprise systems. The update includes two HotNews Notes and seven High Priority Notes, with immediate action recommended for organizations running affected SAP environments. The most severe vulnerability, tracked…
-
SAP Security Patch Day: 14 Vulnerabilities Resolved Across Various Products
SAP’s June 10, 2025 Security Patch Day delivered critical security updates addressing 14 distinct vulnerabilities across the enterprise software portfolio. The security notes span severity levels from Critical (CVSS 9.6) to Low (CVSS 3.0), encompassing core platform components, business applications, and integration frameworks. Organizations are strongly advised to prioritize patch deployment based on vulnerability severity…
-
ERP cloud migration using SAP S/4HANA as an example – Secure transition to cloud ERP
First seen on security-insider.de Jump to article: www.security-insider.de/sichere-cloudmigration-erp-systeme-s4hana-rise-sap-a-9644c81aab9e2e68349083c2881ea6b2/
-
Why SAP security updates are a struggle for large enterprises
In this Help Net Security video, Jonathan Stross, SAP Security Analyst at Pathlock, examines why managing SAP security updates is so complex for enterprises. From highly … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/05/sap-security-updates-video/
-
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. “The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted…
-
‘Everest Group’ Extorts Global Orgs via SAP’s HR Tool
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/everest-group-extorts-global-orgs-hr-tool
-
Operation in its own data center: the Bundeswehr's cloud solution comes from Google
Google Cloud's air-gapped solution is to be used to run the Bundeswehr's business-critical SAP applications. First seen on golem.de Jump to article: www.golem.de/news/betrieb-im-eigenen-rechenzentrum-cloudloesung-der-bundeswehr-kommt-von-google-2505-196614.html
-
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, email, exploit, flaw, google, infrastructure, ivanti, kev, router, sap, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions…
-
Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure
Tags: authentication, control, cve, cyber, cybersecurity, endpoint, exploit, flaw, malicious, sap, vulnerability, zero-day
Cybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer, was actively exploited nearly three weeks before its public disclosure. This flaw, residing in the /developmentserver/metadatauploader endpoint, lacks proper authentication and authorization controls, enabling unauthenticated attackers to upload malicious files like web shells, leading to potential…
-
News brief: Patch critical SAP, Samsung and chat app flaws now
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366623968/News-brief-Patch-critical-SAP-Samsung-and-chat-app-flaws-now
-
SAP Patch Day May 2025 – Update for critical NetWeaver vulnerability
First seen on security-insider.de Jump to article: www.security-insider.de/sap-sicherheitsupdates-mai-2025-patchday-a-f29f32ffb3db6ba91d3f3e9042755b5a/
-
U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational…

