Contact us today.

Subscribe me to your mailing list

USIS hack

TokenChpoken attack on Oracle PeopleSoft affecting nearly half of large enterprises and government organizations

Palo Alto, CA – June 29, 2015 ERPScan Research department specializing in SAP and Oracle applications security has published the results of the recent research on public-facing Oracle PeopleSoft applications and their vulnerabilities. These applications are usually used by Fortune 500 companies and government organizations. Almost 50% of companies using Oracle PeopleSoft HRMS system are vulnerable. More than 200 of them can be attacked via the internet. In the list of those companies, there are 18 companies from Fortune 500 and 25 companies included in Forbes 2000 World’s Biggest Public Companies.

Read more..

Chinese attack on USIS using SAP vulnerability – Detailed review and comments

On 11th of May, a security headline broke the news about the USIS cyber attack (U.S. Investigations Services) potentially conducted by Chinese state-sponsored hackers via a vulnerability in SAP Software. Hackers broke into third-party software in 2013 to open personal records of federal employees and contractors with access to classified intelligence, according to the government’s largest private employee investigation provider [1].

USIS is a federal contractor which conducts background checks for DHS – the largest commercial provider of background investigations to the federal government. It has more than 5,700 employees providing services in all 50 states of the U.S. territories and overseas. As the result of the breach, more than 27,000 personnel seeking security clearances were compromised. Similar hacks also affected servers at the Office of Personnel Management (OPM), which holds information on security clearance investigations. Once hackers have a list of employees who possess government security clearances, they can exploit other aspects of those employees’ lives for further malicious gain.

Within a couple of hours after information that it was an SAP vulnerability we contacted with journalists of DarkReading and gave them feedback and some comments.

Now we sharing all comments that were prepared as well as additional research conducted by us, to tell you what can be the next steps for organizations to secure their systems and prevent these attacks.

Below you can find the timeline of this attack investigation, the collection of historical facts from different resources, and our comments on the topic.

Read more..