
Posts Tagged ‘Default password’

  • Chinese attack on USIS using SAP vulnerability – Detailed review and comments

    On the 11th of May, a security headline broke the news about the USIS (U.S. Investigations Services) cyber attack, potentially conducted by Chinese state-sponsored hackers via a vulnerability in SAP software. Hackers broke into third-party software in 2013 to open personal records of federal employees and contractors with access to classified intelligence, according to the government's largest private employee investigation provider [1].

    USIS is a federal contractor which conducts background checks for DHS - the largest commercial provider of background investigations to the federal government. It has more than 5,700 employees providing services in all 50 states, U.S. territories, and overseas. As a result of the breach, more than 27,000 personnel seeking security clearances were compromised. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees' lives for further malicious gain.

    Within a couple of hours of the information that it was an SAP vulnerability, we contacted journalists at DarkReading and gave them feedback and some comments.

    Now we are sharing all the comments that were prepared, as well as additional research conducted by us, to tell you what the next steps can be for organizations to secure their systems and prevent these attacks.

    Below you can find the timeline of this attack investigation, the collection of historical facts from different resources, and our comments on the topic.

    Read more »

    Posted on May 15, 2015 | Filed under Blog
  • SAP NetWeaver ABAP security configuration part 3: Default passwords for access to the application

    For the previous two weeks we've been discussing the top-9 critical areas and the 33 steps to be taken for security assessment. Most recently, we covered patch management flaws - the first critical category in our list. As you have probably guessed, today it's time to take a closer look at the next item from our list of critical issues - default passwords.
    Read more »

    Posted on November 17, 2014 | Filed under Blog
  • SAP Application Server Security essentials: default passwords


    One of the easiest and most common ways to hack an SAP system is to try to connect using default passwords. Some of them are well-known and some are not (for example TMSADM). All users with default passwords are very powerful.
    Read more »

    Posted on November 13, 2010 | Filed under Blog