Homeland Security Warn of Hacking Risk to Some Oracle and SAP ERP Applications

{{article.creator.firstname}} {{article.creator.lastname}}
Editor Coda
Jul 27, 2018

The Department of Homeland Security has issued an alert to businesses using Oracle and SAP's ERP applications, warning that the software is at risk from hackers, citing the study from cyber security firms Digital Shadows and Onapsis that highlights the risks posed to thousands of unpatched business systems. 

Dozens of companies and government agencies have been targeted and thousands more could be at risk of data breaches by hackers exploiting old security flaws, according to the report published on Wednesday. The 'ERP Applications Under Fire' report details more than 200 SAP applications and 2,500 Oracle applications. As a result, the US Computer Emergency Readiness Team (US-CERT) hasissued an official warning asking businesses to take steps to protect themselves.

A SAP Spokesperson has said "Our recommendation to all of our customers is to implement SAP security patches as soon as they are available - typically on the second Tuesday of every month to protect SAP infrastructure from attacks."

Oracle said it patched the listed vulnerabilities in July and October 2017, and both firms are advising customers to update their systems as soon as possible.

Both companies regularly release patches to known security bugs in their software. However, worries over installation mistakes, and possible disruption to the day to day running of the business often mean customers are reluctant to make fixes.

The report also warned about a number of insecure ERP applications directly accessible online, both on-premise and in public cloud environments.

 

To read this article you have to be registered.

Become a member to access all content and / or download it

We value your privacy

We use cookies to enhance your browsing experience and analyze our traffic. By clicking 'Accept All' you consent to our use of cookies.