Search

Thanks to TV commercials for identity protection services, you’re forgiven for thinking that that dark web is primarily a place where criminals and hackers buy and sell personal information such as credit cards, usernames and passwords, and social security numbers (and other PII). Lately, however, the dark web has seen a flurry of activity for…

In these less than ordinary times, organizations are dealing with disruption at a frequency higher than ever before. An unfortunate side-effect of this COVID crisis has been its impact on employees. Whether furloughed, laid off, or set to take on broader responsibilities, change is happening. And naturally, these changes must be reflected in your ERP…

Time is almost up for companies scrambling to get their data privacy strategies in compliance with the California Consumer Protection Act (CCPA). Beginning as early as July 1, 2020, the California Attorney General’s office can start enforcing the CCPA and handing out penalties of up to $2,500 per violation or up to $7,500 per intentional…

Every organization using SAP ERP applications faces the unique challenge of maintaining a strong security posture while enabling productive business processes. Throw in the uncertainty of today’s rapidly changing environment, and you can bet that IT professionals and business stakeholders are facing misalignment between IT controls and business rules and objectives. To discover how organizations…

A critical SAP vulnerability (CVE-2020-6287 or RECON) was recently discovered by Onapsis that gives attackers TOTAL control of vulnerable business applications. The RECON vulnerability allows hackers to penetrate SAP systems and create new users with administrative privileges, allowing them to manage (read/modify/delete) every record/file/report in the system. The RECON bug is one of those rare…

A critical SAP vulnerability (CVE-2020-6287 or RECON) was recently discovered by Onapsis that gives attackers TOTAL control of vulnerable business applications. It allows hackers to gain unauthenticated access to SAP and then create new user accounts with admin (superuser) privileges. With these privileges, a malicious attacker can do limitless amounts of damage, including stealing data,…

Organizations using traditional, on-premise ERP applications like SAP ECC and Oracle PeopleSoft are facing a rapidly changing reality around the collection, storage, and usage of data. Aside from the growing number of compliance regulations they need to follow, such as GDRP, CCPA, and others, they face critical visibility gaps related (explicitly) to understanding ERP data…

You spend countless hours, not to mention considerable money, to secure your SAP and Oracle ERP data. One day, you discover that cybercriminals have exposed a vulnerability using an application misconfiguration. This has become increasingly common as criminals seek methods to covertly infiltrate applications to gain access to thousands of employee records. This situation happened…

We are in the midst of a perfect storm of ERP security calamity: the greatest work from home experiment colliding with historic levels of employee churn and unemployment. Hackers are exploiting the situation by launching phishing, spear-phishing, and other social engineering attacks at remote workers to gain access to privileged user accounts and email passwords….