July 23, 2024 at 03:51AM Israeli cloud security company Wiz rejects a $23 billion offer from Alphabet, choosing to pursue an IPO as originally planned. Antitrust and investor concerns led to the deal’s collapse. Backed by venture capital firms, Wiz aims for an annual recurring revenue of $1 billion and focuses on its cloud security … Read more
July 18, 2024 at 11:03AM SAP’s AI Core service was recently vulnerable to attacks, potentially allowing access to customer data, as reported by Wiz. The flaws were discovered and reported to SAP by Wiz, which led to the release of patches for the bugs in May. The vulnerabilities could have allowed attackers to execute code … Read more
July 9, 2024 at 10:21AM SAP released 16 new and 2 updated security notes for July 2024, addressing high-severity vulnerabilities in PDCE and SAP Commerce. The PDCE bug (CVE-2024-39592) could allow unauthorized data access, while the SAP Commerce issue (CVE-2024-39597) could enable access to improperly configured sites. 15 medium-severity issues in various SAP products were … Read more
June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were … Read more
April 18, 2024 at 12:40PM Hackers are increasingly targeting SAP applications and data in organizations, driven by migration to the cloud and improved ability to exploit security gaps. Ransomware attacks on SAP systems have risen by 400%, with pricing for SAP exploits following suit. Threat actors, including APT10 and FIN7, are exploiting vulnerabilities in various … Read more
April 9, 2024 at 09:42AM SAP released 10 new security notes and updated 2, patching high-severity vulnerabilities. One note addresses a security misconfiguration issue in NetWeaver AS Java UME, allowing simple passwords despite requirements. Onapsis clarifies the issue’s cause and recommends applying SAP’s patches regardless of feature status. The remaining notes fix medium-severity issues in … Read more
March 12, 2024 at 02:04PM SAP released 10 new and two updated security notes as part of its March 2024 Security Patch Day, addressing serious bugs in business-facing products. Three “hot news” notes resolve critical vulnerabilities in the Chromium browser, the lodash utility library, and a code injection flaw in the NetWeaver AS Java. The … Read more