A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a cybersecurity provider based in Germany. A patch has been published by SAP SE to fix the issue that threatens all SAP environments that share a single transport directory.
SAP transport system vulnerable to malicious interference
SAP software products are used by companies across the globe, with many providing critical infrastructure, food, energy, and medical supplies. The internal SAP development supply chain is used by customers to request additional functionality and in-house developments to the SAP standard, with changes provided via various staging systems of the respective SAP landscape with SAP transport requests. These requests should not be modified after they have been exported from the central transport directory and released.
More Stories
Squid Dominated the Oceans in the Late Cretaceous
New research: One reason the early years of squids has been such a mystery is because squids’ lack of hard...
Tradecraft in the Information Age
Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance. Read More
ISACA Addresses Experience Gap with CISA Associate Designation
The new CISA Associate designation recognizes ISACA members who have passed the CISA exam, but do not yet have the...
Russian basketball player arrested in ransomware case despite being “useless with computers”
A Russian professional basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang... and despite...
Paddy Power and BetFair have suffered a data breach
Paddy Power and BetFair have warned customers that "an unauthorised third party” gained access to “limited betting account information” relating...
British Man Sentenced for Network Rail Wi-Fi Hack
The man was handed a suspended prison sentence for offenses relating to the hack of Network Rail public Wi-Fi, exposing...