CISA: SAP Vulnerabilities Under Active Attack, Poses Data Theft Risk

Health IT Security

Jessica Davis

An active cyberattack campaign was spotted in the wild, targeting systems running unpatched or misconfigured SAP systems. Threat actors are exploiting these vulnerabilities to gain full control of the applications, according to a Department of Homeland Security Cybersecurity and Infrastructure Security alert.

SAP applications are used by entities to manage critical business processes, including enterprise resource planning, supply chain management, and product lifecycle management, among similar tasks. Healthcare entities commonly use SAP cloud and mobile apps.

CISA coordinated with security firm Onapsis and released a related report to shed light on the critical threat, including insights to defend against the attacks. According to the report, the apps are used by more than 400,000 entities—with the vast majority in...

Get the Morning Update

Thanks for subscribing!