Page 32 – Onapsis

SAP Security in Today's Threat Landscape

September 21, 2020/in Videos/by Josue

Listen to Tara Khanna at Accenture discuss today’s risk landscape as it applies to SAP security and how Onapsis can help develop your strategy.

Partnering with Onapsis to Add Value for Customers

September 21, 2020/in Videos/by Josue

Hear from James Carrigan at Verizon why they decided to partner with us to help their customers secure their mission-critical applications and add value to their offerings.

Onapsis Risk Assessment Saves Time

September 21, 2020/in Videos/by Josue

Chaitanya Geddam at Accenture talks about how the Onapsis risk assessment process helps their Oracle customers get answers in hours instead of years.

Enabling Your Move to the Cloud with Onapsis

September 21, 2020/in Videos/by Josue

Rex Thexton of Accenture discusses why onapsis is an important part of keeping your mission-critical applications secure and compliant, especially when moving to the cloud.

Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution Manager

August 7, 2020/in Publications/by Luciana Tabo

Highlighted in a recent IDC survey of 430 IT decision makers, 64% of organizations have experienced a breach of their ERP systems, either SAP or Oracle E-Business Suite. Why?

Attackers are specifically targeting the crown jewels of the organization, supported by their ERP systems
More ERP systems are exposed to the internet than ever before
Traditional perimeter-focused security approaches are not effective at protecting business-critical applications
Software vulnerabilities, if left unpatched, create risk and opportunities for attackers

With this in mind, the Onapsis Research Labs works very closely with both SAP and Oracle to help identify and fix vulnerabilities. When we find a vulnerability, it is our mission to help keep organizations protected. We provide a solution, The Onapsis Platform, and best practices and advice.

Dating back to 2019, SAP has issued three HotNews Security Notes for Solution Manager (SolMan). The most recent in March 2020 addresses a critical vulnerability. An exploit of this vulnerability can be unauthenticated, needing no user credentials, leading to access of any SAP system to potentially cause fraud, theft and disruption.

As a result, the Onapsis Research Labs, who found this SolMan vulnerability, has issued an updated SAP Security In-Depth (SSID) report providing best practices for preventing cyberattacks against SAP SolMan. We highly encourage you to apply this latest SAP patch and also follow our guide for keeping SolMan and your SAP landscape secure.

For more information, check out our blog post analysis of the March 2020 SAP Patch Day

Critical SAP RECON Vulnerability: Who Is At Risk & How to Protect Your Business

July 16, 2020/in Webinars/by Luciana Tabo

Protecting SAP from the Latest RECON Vulnerability

ON DEMAND

SAP’s July Security Notes include a fix for a critical vulnerability – CVSS score of 10 out of 10 – named RECON. Successfully exploiting RECON could give an unauthenticated attacker full access to the affected SAP system, including the ability to modify financial records, view personal identifiable information (PII), corrupt data, delete or modify logs and traces, and other actions that put essential business operations and regulatory compliance at risk.

The Onapsis Research Labs first identified this vulnerability in May 2020 and has worked closely with the SAP Security Response Team on a mitigation strategy. More than 40,000 SAP customers may be vulnerable to RECON, with upwards of 2,500 Internet-facing systems facing even greater risk.

Attend this session to learn:

Details on the RECON vulnerability
The business impact
Why patching is so important
Recommendations for keeping SAP protected

RECON SAP vulnerability affects over 40,000 SAP customers

July 13, 2020/in Reports/by Josue

BigDebIT Vulnerabilities in Oracle EBS - Impact & Remediation Deep Dive

July 8, 2020/in Webinars/by Luciana Tabo

Oracle E-Business Suite BigDebIT

ON DEMAND

The Oracle EBS BigDebIT vulnerabilities were discovered and reported by The Onapsis Research Labs and covered in Oracle’s January 2020 Critical Patch Update (CPU). An attack on the BigDebIT vulnerabilities can be unauthenticated, which would bypass existing Segregation of Duties (SoD) and access controls and other security controls many organizations rely on to cause fraud, theft and disruption.

This session will cover the recent Onapsis Threat Report highlighting a serious example of what a potential attack on Oracle General Ledger would mean to an organization’s financials—presenting a deficiency in IT general controls for Sarbanes-Oxley (SOX) compliance for publicly-traded companies.

Attend this session to learn:

How to protect Oracle EBS and your organization
How more than 21,000 organizations using Oracle EBS may be at risk and the associated security and compliance impact
Details on the BigDebIT vulnerabilities and the example attack scenario on Oracle General Ledger

BigDebIT Vulnerabilities In Oracle Ebs Put Thousands Of Organizations At Risk

May 27, 2020/in Reports/by Josue

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing SAP Business Technology Platform (BTP)

The Book on Cybersecurity for SAP

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

Your S/4HANA Cloud Journey

SAP Security in Today's Threat Landscape

Partnering with Onapsis to Add Value for Customers

Onapsis Risk Assessment Saves Time

Enabling Your Move to the Cloud with Onapsis

Volume XV: SAP® Security In-Depth: Preventing Cyberattacks Against SAP Solution Manager

Critical SAP RECON Vulnerability: Who Is At Risk & How to Protect Your Business

Protecting SAP from the Latest RECON Vulnerability

RECON SAP vulnerability affects over 40,000 SAP customers

BigDebIT Vulnerabilities in Oracle EBS - Impact & Remediation Deep Dive

Oracle E-Business Suite BigDebIT

BigDebIT Vulnerabilities In Oracle Ebs Put Thousands Of Organizations At Risk