Onapsis

Computer and Network Security

Boston, Massachusetts 19,249 followers

Protecting the business applications that power the global economy.

About us

Onapsis is the global leader in SAP cybersecurity and compliance, trusted by the world’s leading organizations to securely accelerate their SAP cloud digital transformations with confidence. As the SAP-endorsed and most widely used solution to protect SAP, the Onapsis Platform empowers Cybersecurity and SAP teams with automated compliance, vulnerability management, threat detection, and secure development for their RISE with SAP, S/4HANA Cloud and hybrid SAP applications. Powered by threat insights from the Onapsis Research Labs, the world’s leading SAP cybersecurity experts, Onapsis provides unparalleled protection, ease of use, and rapid time to value, empowering SAP customers to innovate faster and securely. Connect with Onapsis on LinkedIn or visit onapsis.com.

Website: http://www.onapsis.com
Industry: Computer and Network Security
Company size: 201-500 employees
Headquarters: Boston, Massachusetts
Type: Privately Held
Founded: 2009
Specialties: ERP security, SAP security, Oracle EBS security, cybersecurity, and business-critical application security

Updates

  • Shifting your IT and sensitive data to the cloud? That transition demands a dedicated security strategy. As threats get smarter, your defenses need to be purpose-built. Check out this ASUG - Americas' SAP Users' Group podcast with Juan Perez-Etchegoyen and Guarav Singh as they lead with their SAP security expertise to guide you through how to approach #cybersecurity in the #cloud. If you've ever wondered:

    • Initial steps enterprises should take when securing their cloud migrations.
    • The importance of adopting a shared responsibility security model.
    • The cybersecurity benefits of RISE with SAP.

    Then look no further! 👀 https://bit.ly/44vZr8H #CloudMigration #EnterpriseSecurity #ThreatActors

  • The shift to SAP S/4HANA is no longer a matter of if, but when. ⏰ The clock is ticking for many SAP customers with two critical maintenance deadlines approaching: December 31, 2025, for SAP ECC 6.0 enhancement packages 1-5 (with no extended maintenance option), and December 31, 2027, for other core SAP Business Suite applications. Organizations face an unavoidable challenge to secure support and ensure business continuity. But how do you embark on such a transformative journey without being overwhelmed? Get all the guidance you need in our new blog: https://bit.ly/4eQDHrD #DigitalTransformation #S4HANA #RISEwithSAP #SAPSecurity

  • ICYMI: July's Patch Day was a record one with 30 new and updated SAP security patches.❗ Amongst them, our Onapsis Research Labs identified a Critical CVSS 10.0 Insecure Deserialization vulnerability in SAP SRM. This allows unauthenticated Remote Code Execution (RCE), making it a top priority to address. ORL also contributed to 14 other patches. Ensure your systems are secure. Get the details on July's crucial updates & how to act! ➡️ https://bit.ly/4lYbfq5 #SAPSecurity #PatchTuesday #HotNews #CVSS10 #OnapsisResearchLabs

  • Is your #SAP or #Oracle environment a blind spot? 🚨 Great chat with Evan Kirstel and Mariano Nunez on why traditional #cybersecurity fails against attacks on business-critical apps. Attackers are exploiting vulnerabilities without credentials, bypassing traditional controls. Threats like these in today's digital world require custom, tailored solutions. This is critical. Learn why generic tools fail and what you can do about it instead. ⬇️ https://bit.ly/4lUS40g #BusinessApplications #CloudSecurity #AI #ZeroDay #SapSecurity

    Evan Kirstel

    Create📝Publish🗞️Amplify📣 TechInfluencer, Analyst, Content Creator w/600K Social Media followers, Deep Expertise in Enterprise 💻 Cloud ☁️5G 📡AI 🤖Telecom ☎️ CX 🔑 Cyber 🏥 DigitalHealth. TwitterX @evankirstel

    Cybersecurity for business-critical applications represents one of the most significant blind spots in enterprise security today. As Mariano Nunez, CEO and co-founder of Onapsis, reveals, sophisticated attackers are now targeting the crown jewels of organizations – their SAP, Oracle, and other mission-critical systems – with unprecedented success.

    What makes these attacks particularly alarming is how they bypass traditional security controls. While most organizations focus on user access controls and segregation of duties, today's threat actors exploit vulnerabilities at the application layer without requiring any user credentials. As Mariano explains, "Attackers are exploiting and attacking the systems even without a user to begin with. It's a different paradigm." This fundamental shift coincides with the migration of formerly protected internal systems to cloud environments where they're increasingly exposed to external interfaces, AI integrations, and new business models.

    The most sobering revelation comes from Mariano's disclosure of an unprecedented cyber campaign that began in January 2023. Chinese threat actors developed zero-day exploits for SAP systems, silently compromising hundreds of organizations worldwide, including critical infrastructure and government entities. Even after patches were released, many organizations found themselves in a troubling position: "It's almost as if you would unlock your front door and change the front door lock, but the thief is already in the basement." This represents the worst attack campaign against business applications in 15 years, highlighting the urgent need for specialized security approaches. Onapsis differentiates itself by providing purpose-built protection for these critical systems, working in close partnership with vendors like SAP and Oracle while helping security teams manage risk even when immediate patching isn't possible due to downtime constraints.

    For organizations navigating digital transformation, the message is clear: generic security tools provide a dangerous false sense of security when it comes to your most valuable business applications. Want to learn how your organization can protect its business-critical applications from sophisticated attacks? Listen to the full conversation and discover why traditional security approaches are failing to address these emerging threats.

    Securing Business-Critical Apps in the Cloud Era


  • Five years ago, our Onapsis Research Labs identified and disclosed the RECON vulnerability to SAP, leading to critical patches. Now, as we mark this anniversary, we've observed continued exploitation of this flaw in recent months. Our latest post looks back at RECON and highlights why, despite its age, it remains a threat if your SAP security hygiene is lacking or systems are exposed. This shows hackers are relentless in leveraging any vulnerability they can find. Read more about it here ➡️ https://bit.ly/43OwpAC #SAPSecurity #SAPVulnerabilities #RECONVulnerability

  • Ready for a virtual masterclass with the Enterprise Architect Community? Juan Perez-Etchegoyen and Guarav Singh will explore how to level up your SAP security strategy to be proactive and rooted in risk, readiness, and resilience. As the co-authors of Cybersecurity for SAP, JP and Guarav are joining Paul Kurchina to share their decades of experience in the SAP security space and provide the community with invaluable insights. Come ready to learn and leave inspired with fresh perspectives to bring back to your team. 📅 July 29 🕦 11 a.m. ET Save your spot: https://bit.ly/4lxgr3R #EnterpriseArchitectCommunity #EnterpriseArchitects #SAPSecurity #CybersecurityForSAP #SAPPress

  • Yesterday's SAP Patch Day brought a record number of security patches, including a handful of critical vulnerabilities in the dangerous class of Deserialization of Untrusted Data. Earlier in 2025, we saw active exploitation of CVE-2025-31324 - the same vulnerability class. It's a crucial reminder to revisit your defenses. Watch our full breakdown to understand the risks: ▶️ https://bit.ly/3RJlbH4 Looking for a deeper understanding of these threats? Access more insights here: ⬇️ https://bit.ly/3S8VeRe If 2025 is teaching us anything, it's how absolutely critical effective SAP vulnerability management processes and technology are to stay ahead. Questions? Let's chat! #SAPSecurity #ZeroDay #CVE202531324 #CyberSecurity #ThreatIntel #Onapsis #JulyPatchDay #PatchTuesday #PatchDay #VulnerabilityManagement

  • As we shared earlier today, this #PatchTuesday is a unique one–SAP in collaboration with Onapsis has patched a high number of critical vulnerabilities, many similar to ones recently exploited as zero-day by threat actors. The following SAP Security Notes are especially critical to pay attention to as part of this month’s release:

    • 3578900 (CVE-2025-30012) (CVSS 10)
    • 3620498 (CVE-2025-42980) (CVSS 9.1)
    • 3610892 (CVE-2025-42966) (CVSS 9.1)
    • 3621771 (CVE-2025-42963) (CVSS 9.1)
    • 3621236 (CVE-2025-42964) (CVSS 9.1)

    Why are these so critical for defenders?

    🔹 Several of these vulnerabilities have critical severity ratings (CVSS 9 and CVSS 10), and are of the same type as CVE-2025-31324 and CVE-2025-42999 - two critical vulnerabilities that were widely exploited during March-June of this year.
    🔹 Exploitation grants attackers full control over SAP’s critical business processes and information, which could result in espionage, sabotage and fraud, and bypasses traditional SAP security controls, such as Segregation of Duties and GRC solutions.
    🔹 Attackers can also use these vulnerabilities to deploy ransomware on SAP, which will result in significant business disruption and losses for victim organizations.
    🔹 Attacks can happen over the Internet for cloud/internet-facing SAP applications, but also against internal SAP systems.
    🔹 Affected customers should apply SAP patches as soon as possible.
    🔹 The Onapsis Research Labs team collaborated closely with SAP in the discovery and mitigation of these issues, and we would like to acknowledge SAP’s rapid response and diligence in releasing these security updates.

    Learn more and get the full breakdown below 🔽 #SAPPatchDay #SAPSecurity #PatchTuesday

  • 🗓️ It's #PatchTuesday, and Thomas Fritsch has you covered as always. This month is somewhat unique with 30 new and updated SAP security patches. Important note: several of these #SAPvulnerabilities have critical severity ratings and are of the same type as CVE-2025-31324 and CVE-2025-42999--two critical vulnerabilities that were widely exploited during March-June of this year by threat actors. Our team will be sending out additional details and context around these critical vulnerabilities--stay tuned. #SAPSecurityNotes #SAPSecurity
