Welcome to the final installment of our series on the Dangers in SAP Transport Management. In our final post, we’ll focus on how an attacker could leverage logical file names and logical OS commands within SAP transports to access, modify and exfiltrate data.
Thumbnail
Leveraging our Partner Ecosystem to Quickly Respond to Active Cyber Threats Targeting Mission-Critical SAP Applications
Recently, Onapsis and SAP released research that provides conclusive evidence that the impact and probability of attacks on unprotected SAP applications is putting organizations at extremely high risk.
Thumbnail
Active Cyber Threats Targeting Mission-Critical SAP Applications
Onapsis and SAP are releasing a new threat intelligence alert and detailed report to help SAP customers protect themselves from active cyber threats seeking to specifically target, identify and compromise organizations running unprotected SAP applications, through a variety of cyberattack vectors.
Thumbnail
Dangers in SAP® Transport Management Part 4
Welcome back to our blog series on the Dangers in SAP® Transport Management. In this fourth installment, we’re focused on automated code execution while importing.
Thumbnail
Dangers in SAP Transport Management: Part 3
This is part three of our blog series on the Dangers in SAP Transport Management. In part one, we give an intro to SAP Transports. In part two, we went over the starting point of this attack, the transaction SU24. In this third installment, we’re focused on the manipulation of job management and its associated risks to SAP Transports.
Thumbnail
Survey Highlights Security Is Top of Mind for SAP Transformation and Cloud Migration Projects
In coordination with Onapsis, the Americas SAP Users’ Group (ASUG) recently conducted a research project to better understand how SAP customers are thinking about major transformation and cloud migration projects, the decision-makers involved and how they are moving their businesses forward.
Thumbnail
The Risks of Third Party Software in SAP
The SolarWinds attack was detected in late 2020 and is already considered one of the most critical cyber threats ever. Learn more in our blog post now.
Thumbnail
Dangers in SAP Transport Management: Part 2
The first article of this series spoke about the global deactivation of authorization checks for single authorization objects per transport. A similar risk results from the possibility of deactivating authorization checks transaction-specifically. With this method, it is even more difficult to detect an attack, as the impact can be limited to one transaction.
Thumbnail
New SAP Exploit Published Online: How to Stay Secure
The Onapsis Research Labs has identified a functional exploit affecting SAP which was published on GitHub, making it publicly available for malicious purposes. A successful attack exploiting this vulnerability would put an organization’s mission-critical SAP applications, business process and data at risk—impacting cybersecurity and regulatory compliance.
Thumbnail
Dangers in SAP Transport Management: Part 1
Part one of our blog series, Dangers in Transport Management, discusses circumventing Authority Checks.
