Cyber security news for all

More

    SAP systems are often configured incorrectly and are therefore vulnerable

    Many SAP installations are vulnerable to critical security holes. The Cyber ​​Security and Digital Infrastructure Bureau is now warning of increased threats from attacks on known vulnerabilities and misconfigurations in SAP systems. With the release of an exploit kit called 10KBLAZE, it is now very easy to compromise such systems. Onapsis estimates that 9 of 10 SAP installations worldwide with more than 50,000 customers are affected.

    10KBLAZE Abuses A Number Of Security Gaps

    In its security report, the CISA lists three main points of attack. Access control lists of a SAP gateway are often configured incorrectly, which means that users who are not logged in can execute commands on the operating system. The factory setting of the gateway’s secinfo configuration can also be misused, execute commands remotely. In certain situations, an attacker could abuse a SAP router to gain access to an external network, which could lead to the execution of malicious code from the public network. At the security conference, at which 10KBLAZE tools were published, just under a thousand SAP routers vulnerable to such attacks can be found on the internet.

    SAP systems

    The standard settings of the SAP Message Server are also susceptible to misuse. An attacker in the SAP network can carry out the attacks with such a server and thus obtain legitimate login data. Some of these servers can also be reached from the public internet through incorrect network configuration. Further information on the attacks and how to detect them can be found in the CISA security message. In principle, the Cyber Security And Digital Infrastructure Bureau recommends to securing it through better configuration of the SAP components, also restricting access options from external networks. SAP systems are not designed to be exposed to the internet because it is an untrustworthy network.

    Onapsis experts estimate that around 90% of all SAP systems are affected by the security vulnerabilities. 10KBLAZE misuses incorrect configurations within the SAP systems, so that an unauthorized user can execute commands for which he is not authorized. This can happen if the SAP gateways are configured incorrectly. This attack is one of the three main types of attack reported by the CISA. Even the factory setting of the gateway’s secinfo configuration allows it to execute commands remotely.

    Recent Articles

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Judge issues injunction against WeChat

    The US government wanted to take action against the app WeChat. A judge stood sideways. The app should disappear from the platforms in the...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox