SAP Cyber Threat Intelligence report – February 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways The first set of SAP Security Notes in 2018 consists of 26 The post SAP Cyber Threat Intelligence report – February 2018 appeared first on ERPScan.

Are you sure your ERP is not a crypto mining farm?

Hackers are not walking past the hype. While cryptocurrency becomes a new hot topic in the financial world, hackers are said to have started using vulnerable systems for cryptocurrency mining. Mining malware is distributed to victim servers through various vulnerabilities. For example, unpatched Oracle WebLogic servers can serve as perfect loopholes to be exploited with Monero

PeopleSoft Campus Solutions Business Risks

What kind of malicious actions can cybercriminals perform if they get access to PeopleSoft via one or another vulnerability? The well-known CIA triad (Confidentiality, Integrity, and Availability) is used to manage cybersecurity. As for ERP systems, these terms transform into Espionage, Sabotage, and Fraud, which are considered the main risks. PeopleSoft Campus Solutions is

Oracle MICROS POS breached again

The security issue of POS systems is nothing new. Breaches in point-of-sale payment terminals have already been highlighted in the media. Taking into consideration that this device is connected with personal information, orders and card details, it is small wonder that it often becomes a hacker’s coveted choice. What matters here is that in 2016, Oracle MICROS

HTTP Header Injection

Injections are vulnerabilities that occur when an application performs no or poor validation of user input. An attacker can inject malicious data and thereby perform unintended actions in a system. Such a vulnerability may result in the major SAP risks (Espionage, Sabotage, and Fraud). We continue considering Injections from the list that we discussed in our Introduction to

Analyzing Oracle Security – Oracle Critical Patch Update January 2018

Today Oracle has released its quarterly patch update for January 2018. It fixes a total of 237 vulnerabilities. The main highlights are as follows: The current CPU contains 153 vulnerabilities in Business-Critical Applications. It is 64% of the vulnerabilities found in other Oracle products. The highest CVSS 3.0 Base Score for vulnerabilities in Business Applications

JOLTandBLEED Details and PoC

On November 15, 2017, Oracle published urgent critical updates related to the JoltAndBleed vulnerability (CVE-2017-10269). Today we released its proof of concept. As you remember, this vulnerability allows an attacker to gain full access to all data stored in the following ERP systems: Oracle PeopleSoft Campus Solutions, Oracle PeopleSoft Human Capital Management, Oracle PeopleSoft Financial

Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search

In the previous articles of the Perfect SAP Penetration testing series, we reviewed a general approach to pentesting SAP systems and finding vulnerabilities that make it possible to obtain administrator privileges in the SAP system. If you are new to this series, please refer to the previous articles: What is SAP penetration testing? Perfect SAP Penetration testing. Part

SAP Cyber Threat Intelligence report – January 2018

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats. Key takeaways The first set of SAP Security Notes in 2018 consists of 10

10 most unusual cyberattacks

While there are many common breach scenarios, including classic database thefts, ransomware, phishing or DoS, some hackers show exceptional originality, and their imagination can astonish you. Here is the list of the top 10 most unusual cyberattacks of 2017. 1. Criminal friendship What would you do for a friendship? As for a Michigan man, Konrads