Juan Pablo leads the Research & Development teams that keep Onapsis on the cutting edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Black Hat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many information security consultancy projects for companies in Latin America, the United States and Europe. His strongest experience is in the fields of Penetration Testing, Web Application Testing, Vulnerability Research, and Information Security Auditing and Standards.
Onapsis Research Labs advises extra vigilance during this time. Please take extra steps to ensure that your organization and your business-critical applications are protected and resilient.
Onapsis Research Labs discovered a set of extremely critical vulnerabilities affecting SAP applications actively using the SAP Internet Communication Manager (ICM) component. This discovery requires immediate attention by most SAP customers.
Threat group 'Elephant Beetle' exploited two SAP vulnerabilities to steal millions of dollars from financial organizations. Here's what that means for your SAP security.
According to reports, nearly 70% of enterprises were moving mission-critical business functions and processes to the cloud before the pandemic. In today’s new normal, that number has skyrocketed. Organizations increasingly rely on mission-critical cloud applications, such as SAP SuccessFactors and Salesforce, to help modernize business practices, streamline processes, and provide increased flexibility to adapt to work-from-anywhere initiatives.
Anywhere from 2,500 up to potentially 10,000 internet-facing systems were exposed to RECON on the date the patch was released. Given those numbers, and that approximately 30% to 40% of the systems could still be vulnerable (based on estimations of diverse samples), this represents an enormous attack surface and risk. Learn more in our blog post here.
The Onapsis Research Labs works very closely with Oracle to report potential security vulnerabilities for Oracle to fix and for Oracle customers to patch. We love to talk about not only the work we do but also the benefits of keeping up with patches and maturing the security posture of your ERP Applications.
The leading cloud service providers take security very seriously. However, as pretty much any cloud security survey shows, the biggest data breaches occur because of how customers adopt, configure and use the cloud.
The Department of Homeland Security Computer Emergency Readiness Team has released its second alert of 2019 focused on SAP applications. Read more now.