Juan Pablo leads the Research & Development teams that keep Onapsis on the cutting edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many information security consultancy projects for companies in Latin America, the United States and Europe. His strongest experience is in the fields of Penetration Testing, Web Application Testing, Vulnerability Research, and Information Security Auditing and Standards.
CTO JP Perez-Etchegoyen answers six questions around recent SAP application exploitation activity and shares tips for SAP security and next steps organizations can take to protect their critical systems.
Three Actively Exploited SAP Vulnerabilities Identified by Onapsis Research Labs: What You Need to Know
The Onapsis Research Labs detected active exploitation activity related to three vulnerabilities that were already patched by SAP.
Onapsis Chief Technology Officer JP Perez-Etchegoyen explains why an enterprise cybersecurity strategy for protecting business-critical applications should start with alignment to a strong security framework.
Onapsis Research Labs advises extra vigilance during this time. Please take extra steps to ensure that your organization and your business-critical applications are protected and resilient.
Onapsis Research Labs discovered a set of extremely critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. This discovery requires immediate attention by most SAP customers.
Threat group 'Elephant Beetle' exploited two SAP vulnerabilities to steal millions of dollars from financial organizations. Here's what that means for your SAP security.
According to reports, nearly 70% of enterprises were moving mission-critical business functions and processes to the cloud before the pandemic. In today’s new normal, that number has skyrocketed. Organizations increasingly rely on mission-critical cloud applications, such as SAP SuccessFactors and Salesforce, to help modernize business practices, streamline processes, and provide increased flexibility to adapt to work-from-anywhere initiatives.
Anywhere from 2,500 up to potentially 10,000 internet-facing systems were exposed to RECON on the date the patch was released. Considering those numbers, and that approximately 30% to 40% of the systems could still be vulnerable (based on estimations of diverse samples), this represents an enormous attack surface and risk. Learn more in our blog post here.
The Onapsis Research Labs works very closely with Oracle to report potential security vulnerabilities for Oracle to fix and for Oracle customers to patch. We love to talk about not only the work we do but also the benefits of keeping up with patches and maturing the security posture of your ERP Applications.