Onapsis Research Labs shares some of the top SAP security vulnerabilities organizations should be aware of from 2022.
Thumbnail
The Risks of SAP RFC Callbacks and How to Avoid Them
This blog explains SAP RFC Callbacks and how to protect your SAP systems.
Thumbnail
Protect SAP Systems With Unified Connectivity Framework (UCON)
This blog post will explain the main aspects of Unified Connectivity Framework (UCON) and how it can be used to decrease the attack surface for malicious RFC calls by 95%.
Thumbnail
AppsMas: A Look Back at the 2022 ERP Security Landscape (Video)
Let’s take a look back at the 2022 ERP Security Landscape and what we can learn from it.
Thumbnail
SAP Development System: A Critical Entry Point for Attacks
SAP development systems are an often underestimated entry point for attacks.
Thumbnail
Onapsis Research Labs Discovers and Helps Remediate 1,000+ Cybersecurity Vulnerabilities in Business Applications
Onapsis Research Labs, our team of offensive security professionals dedicated to hunting down vulnerabilities within ERP applications, has discovered and helped remediate over 1,000 zero day ERP vulnerabilities within SAP and Oracle applications.
Thumbnail
Threat Actors Exploit ERP Vulnerabilities for Financial Gain
Threat actors are exploiting ERP vulnerabilities for financial gain.
Thumbnail
Password Hash Cracking, User Cloning, and User Impersonation: Three Risks Every SAP Customer Should Know
Password hash cracking, user cloning, and user impersonation are realistic attack scenarios in SAP systems. This blog post explains how SAP customers can protect their systems.
Thumbnail
Unpatched ERP Vulnerabilities Haunt Organizations
What's spookier than ghosts and goblins? Threats to your company's ERP systems. Read how unpatched ERP vulnerabilities can still be a target for cyberattacks.
Thumbnail
ICMAD Vulnerability Added to CISA’s Known Exploited Vulnerabilities Catalog
On August 18, 2022 the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability–CVE-2022-22536–to its Known Exploited Vulnerabilities Catalog. Though this vulnerability was discovered earlier this year, this validation from CISA shows that organizations should prioritize action immediately.
