August SAP Security Updates and Critical Vulnerabilities
This episode covers SAP's August Patch Tuesday release, which includes 25 new and updated security notes addressing vulnerabilities across the SAP technology stack. Two HotNews items stand out: a critical SAP BusinessObjects vulnerability (a CVE rated CVSS 9.8) that allows full system compromise, and a Node.js library vulnerability (CVSS 9.1) affecting SAP Build Apps deployments. Organizations running these technologies need to patch immediately and, in the case of Build Apps, must also rebuild and redeploy applications with updated Node.js versions. Notably, Onapsis Research Labs contributed to nearly 25% of the vulnerabilities fixed in this release, demonstrating their deep expertise in SAP security research.
National Public Data Breach and Digital Identity Protection
The discussion addresses a significant data breach at National Public Data, a background check provider, which exposed Social Security numbers, names, addresses, and other personal information. Initially offered for sale at $3.5 million, the data is now freely available. This breach highlights the broader challenge of data security across third-party vendors that consumers have no direct relationship with but whose services are used by employers and other organizations. The episode emphasizes the importance of defensive measures, including credit monitoring, fraud alerts, IRS identity protection, and maintaining awareness of one's digital footprint across the interconnected digital ecosystem.
Browser Zero-Day and SAP's Continued Market Growth
The episode covers a zero-day vulnerability discovered by Oligo Security affecting major browsers (Safari, Chrome, Firefox). It allows attackers to bypass protections by sending requests to 0.0.0.0, potentially gaining unauthorized access to local resources. The primary mitigation is keeping browsers updated, as disabling JavaScript is impractical for modern web browsing. Additionally, SAP's latest quarterly results show significant growth, with cloud backlog up 28%, cloud revenue up 25%, and overall customer revenue up 10%. That growth indicates an expanding attack surface for SAP applications and reinforces the critical importance of securing these systems, which power essential infrastructure across energy, food, healthcare, and other vital sectors.