Friday, 26 December 2014

More critical vulnerabilities in SAP systems

7% more Security Notes than in 2013, 46% of them critical + SAP HANA, mobile platforms and SAP users are targets of attacks in 2015 + SAP security can no longer be kept hidden - this is the conclusion of the SAP Security Advisories 2014 to 2015 published by Onapsis.

The expert team of Onapsis Research Labs warns in its new trend report on SAP security of the growing danger to SAP systems from threats such as Heartbleed, Shellshock, Poodle and Zombie Zero. The analysis shows that in 2014 the number of vulnerabilities and exploits that threaten the security of SAP systems increased over the previous year. Elaborate threats that target SAP systems running business-critical applications increased disproportionately strongly. For 2015, special attention should go to SAP HANA, mobile threats and attacks that have the SAP user directly in their sights.

This year there were 391 SAP Security Notes, of which 46 percent describe vulnerabilities with high priority. The Onapsis Research Labs report that 44 of these vulnerabilities and 35 advisories concern the SAP platform and related products, which form the basis for CRM and ERP systems such as SAP HANA, Business Objects and SAP Business Suite.

Organizations use SAP Business Objects to track and analyze business performance and for reporting. SAP BASIS, by contrast, is limited to the administrative functions and processes within an SAP system, for example the database, the supporting architecture and the user interface.

Complex attacks that unsettled the non-SAP security world also affect SAP platforms. Among them are the most critical threats: Heartbleed (CVE-2014-0160), Shellshock (CVE-2014-6271), Poodle (CVE-2014-3566) and malware like Zombie Zero. The increase in complex attacks continued in 2014. This also includes the frequent appearance of malware that is aimed precisely at SAP systems - for example, the Win32/Gamker Trojan can spy on the SAPGUI client.

Data must be protected in the cloud and on terminals

"The security industry has never been as complex as today. Starting next year, more and more companies are revising their strategies and beginning or continuing their processes to migrate to the cloud," said Ezequiel Gutesman, Director of Research at Onapsis Research Labs. "In 2015, hackers will undoubtedly exploit vulnerabilities in key platforms such as SAP HANA. SAP HANA is a central element of the SAP ecosystem. Therefore, the data stored in the SAP platform must be protected both in the cloud and on the access devices of end users. Risk factors such as stored credentials and cached content therefore require special attention. Given the evolution of the threat in the industry, we regularly offer all SAP users safety and recommend steps to protect their most critical business data in the coming year."
 
