The vulnerability allows a legitimate user of a business analytics system to escalate privileges to the administrative level and to gain access to the operating system and to all business-critical data.
During the BlackHat DC conference, ERPScan experts spoke about attacks on corporate business applications that cybercriminals can use for espionage, sabotage and fraud against competitors. Previously unknown attack methods were presented at the conference against popular ERP systems such as SAP and JD Edwards, and also against the Open Edge RDBMS, which is a universal platform for developing custom business applications.
2010, the third year of ERPScan's public work, has come to an end. The year was quite complicated but very productive. Multiple vulnerabilities were found in 2010, though the number of vulnerabilities published is lower than before because the vendors have not yet released the updates that would allow their disclosure. Moreover, the vulnerabilities have become more critical and diversified, while the scope of applications under research was broadened to include banking software and new ERP systems.
In this CPU, Oracle recognizes four ERPScan experts for security vulnerabilities discovered in business applications.
IT chiefs have been warned that it is their mission-critical systems that pose one of the greatest security risks to the enterprise, with the complexity of patching enterprise resource planning (ERP) applications presenting an opening to cyber thieves.
ERPScan experts Alexander Polyakov and Alexey Sintsov will give a talk at the CONFIDENCE 2.0 2010 conference held in Prague, Czech Republic on 29-30 November 2010.
We are happy to announce that Alexander Polyakov, Head of ERPScan, will give a talk at DEEPSEC 2010 held in Vienna, Austria on Friday, November 26, 2010. The talk is entitled "Attacking SAP Users Using sapsploit extended".
In this CPU, Oracle recognizes ERPScan experts for security vulnerabilities found in business applications such as Oracle Business Intelligence (CVE-2010-2413) and Oracle Application Server (CVE-2010-3581).
At the Hack In The Box 2010 conference held in Malaysia, ERPScan researchers will give a talk about possible ways of getting unauthorized access to corporate SAP servers through SAP Frontend vulnerabilities and misconfigurations, with new examples of attacks.
A simple guide to Lotus Domino hacking has been published; it can be used for penetration testing and application security assessment.