Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
Related Posts
ZeroFont trick makes users think that message has been scanned for threats
Attackers are using the “ZeroFont” technique to manipulate the preview of a message to suggest it had already been scanned for threats.
Read more in my article in the Tripwire State of Security blog.
Graham Cluley
SAP Security Update: Patch For High Severity Vulnerabilities
SAP has released its July 2024 security patch update, addressing 18 product vulnerabilities. The update includes fixes for two high-severity flaws that could potentially allow attackers to gain unauthorized access to sensitive data and systems.
The most critical vulnerability, CVE-2024-39592, affects SAP’s Product Design Cost Estimating (PDCE) tool. With a CVSS score of 7.7, this missing authorization check could enable attackers to read generic table data, potentially exposing sensitive information.
Another high-priority fix addresses CVE-2024-39597 in SAP Commerce, which has a CVSS score of 7.2.
This improper authorization check could allow attackers to exploit the forgotten password functionality and gain access to improperly configured sites without merchant approval.
The patch update also includes fixes for 15 medium-severity vulnerabilities affecting various SAP products such as Landscape Management, Document Builder, NetWeaver, CRM, Business Warehouse, S/4HANA, Business Workflow, GUI for Windows, Transportation Management, and Enable Now.
These vulnerabilities encompass a range of issues, including information disclosure, unrestricted file uploads, missing authorization checks, cross-site scripting (XSS), and server-side request forgery (SSRF).
While SAP has not reported any active exploitation of these vulnerabilities, the company strongly recommends that users apply the patches as soon as possible.
Past incidents have shown that attackers often target known SAP vulnerabilities, even after the release of patches. The July 2024 patch update underscores the importance of timely security updates for enterprise software.
Organizations using SAP products should prioritize applying these patches to mitigate potential risks to their systems and data.
The post SAP Security Update: Patch For High Severity Vulnerabilities appeared first on Cyber Security News.
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
German prosecutors have charged three Russian-German nationals with acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations and to have taken pictures of military installations with the aim of endangering national security.