Posted on September 2, 2015 | Filed under Blog
Now that we have covered PeopleSoft Architecture, it is time to continue with PeopleSoft security and describe some attack vectors against PeopleSoft system discovered by ERPScan researchers. The first one is an attack on back-end systems.
Read more »Posted on August 26, 2015 | Filed under Blog
Oracle PeopleSoft applications are quite complex and consist of many components, so their security is not a simple thing. While there is almost no research on PS security, successful attacks against such systems happen from time to time. That’s why we decided to start series of articles about some aspects of PS security.
Read more »Posted on August 20, 2015 | Filed under Blog
Last Wednesday Harvard University announced that on June 19 an intrusion on Faculty of Arts and Sciences and Central Administration information technology networks was discovered. According to the announcement on Harvard website, this breach affected eight different schools and thought to have exposed students' log-in credentials. University IT staff denied that any personal data or information from internal email system had been exposed.
Read more »Posted on July 8, 2015 | Filed under Blog
TokenChpoken attack on Oracle PeopleSoft affecting nearly half of large enterprises and government organizations
Palo Alto, CA – June 29, 2015 ERPScan Research department specializing in SAP and Oracle applications security has published the results of the recent research on public-facing Oracle PeopleSoft applications and their vulnerabilities. These applications are usually used by Fortune 500 companies and government organizations. Almost 50% of companies using Oracle PeopleSoft HRMS system are vulnerable. More than 200 of them can be attacked via the internet. In the list of those companies, there are 18 companies from Fortune 500 and 25 companies included in Forbes 2000 World's Biggest Public Companies.
Read more »
Posted on November 12, 2014 | Filed under Advisories