Unsecured critical SAP applications under active attack per Bleeping Computer
SAP enterprise applications are used by more than 400,000 organizations globally, including 92% of the Forbes 2000. Attackers are seeking out exposed, unpatched applications online, and in some cases chaining these vulnerabilities together to increase their chances of a successful intrusion. Per cloud security firm Onapsis:
“Observed exploitation techniques would lead to full control of the unsecured SAP applications, bypassing common security and compliance controls, and enabling attackers to steal sensitive data, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations.”
We know that patching is complicated (don’t get me started 😉) and typically larger organizations are behind by a couple of cycles. The truth is that the lag can often be considerably longer when legacy systems, proprietary programs and operational concerns factor in.
EtterSilent Maldoc builder per Bleeping Computer
Something to keep watch for. EtterSilent is used to build malware-laden documents that can bypass detection on Windows, Google and email services. It’s gaining popularity on underground forums and getting regular enhancements, with documents weaponized either with a malicious macro or with an exploit against a vulnerability. These can masquerade as DocuSign or DigiCert documents that need the macro enabled. It has recently been seen dropping TrickBot and BazarLoader malware, which in turn can deliver a nasty ransomware payload. Verify with care.