Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.
Tag Archives: SAP
Threatpost News Wrap, May 13, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including zero day vulnerabilities–both in Adobe Flash and Windows, a nasty vulnerability in SAP business applications, Mozilla asking FBI to disclose a Tor exploit, and more.
Attackers Can Use SAP to Bridge Corporate, Operational ICS Networks
Research presented during Black Hat Europe demonstrates how attackers can abuse business applications connected to ICS and SCADA gear.
High-Risk SAP HANA Vulnerabilities Patched
Nearly two dozen critical SAP HANA vulnerabilities have been patched, including a critical misconfiguration of the TrexNet administrative interface.
Static Encryption Key Found in SAP HANA Database
Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.
SAP Patches DoS Flaw in Netweaver
SAP has released a fix for a remotely exploitable denial-of-service in its Netweaver platform. The bug is confirmed to affect several versions of the platform and may be present in others, as well. Researchers at Core Security discovered the vulnerability and reported it to SAP in June. Netweaver is a platform that allows users to build and […]