The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind the monthly SAP Cyber Threat Intelligence report is to provide an insight into the latest security vulnerabilities and threats.
Hackers are not walking past the hype. While cryptocurrency becomes a new hot topic in the financial world, hackers are said to start using vulnerable systems for cryptocurrency mining.
What kind of malicious actions can cybercriminals perform if they get access to PeopleSoft via one or another vulnerability? The CIA well-known triad (Confidentiality, Integrity, and Availability) is used to manage cybersecurity. As for ERP Systems, these terms transform into Espionage, Sabotage, and Fraud, which are considered as the main risks.
PeopleSoft Campus Solutions is a comprehensive suite for Universities. The application consists of a number of functional modules:
The security issue of POS systems is nothing new. Breaches in point-of-sale payment terminals have already been highlighted in the media. Taking into consideration that this device is connected with personal information, orders and card details, small wonder that it often becomes a hacker’s coveted choice. What matters here is that in 2016, Oracle MICROS was breached and now perpetrators show greater interest in POS systems.
Injections are vulnerabilities that occur when an application provides no or a bad user input validation. An attacker can inject malicious data, thus performing non-intended actions in a system. Such vulnerability may result in the major SAP risks (Espionage, Sabotage, and Fraud).
We continue considering Injections from the list that we discussed in our Introduction to Secure ABAP Development Guide.