Security

Enterprise Resource Planning (ERP) significantly bolsters IT security by providing a centralized and integrated approach to safeguarding critical information. ERP systems incorporate robust security features, such as user access controls, encryption, and authentication protocols, ensuring the confidentiality and integrity of sensitive data. Through continuous monitoring and audit trails, ERP enhances visibility into system activities, aiding in the early detection of potential security threats. ERP’s role extends to compliance management, assisting organizations in adhering to regulatory requirements and industry standards. By consolidating data across various business processes, ERP strengthens security measures, minimizing vulnerabilities and offering a comprehensive defense against cyber threats. This integrated approach to IT security fortifies organizations, promoting resilience and protecting against evolving cyber risks.

Why Microsoft’s D365 License Enforcement Is Exposing a Deeper ERP Crisis
Microsoft Dynamics 365 users in Finance, Supply Chain, and Commerce must urgently address access governance before stricter licensing rules take effect on November 1, 2025, as many organizations have uncovered significant security vulnerabilities and excessive user permissions amidst new compliance pressures.
The $17.4 Million Question: Why Traditional ERP Access Controls Are Failing Against Modern Insider Threats
The 2025 Ponemon report reveals that organizations are spending an average of $17.4 million annually to manage insider threats, particularly from negligent employees and sophisticated malicious actors, while highlighting the urgent need for enhanced visibility and cross-application risk management to combat these emerging internal dangers.
The Hidden Security Gaps in Your Business Applications—and How to Fix Them
Hidden security vulnerabilities in ERP and financial systems, such as excessive user privileges and inadequate access controls, pose significant risks to business operations and compliance, necessitating a shift towards automated solutions for proactive governance and risk management.
The Future of Application Security: Why Continuous Controls Matter
In an era where traditional perimeter security is obsolete due to hybrid and cloud environments, organizations must adopt continuous access controls and real-time risk monitoring to effectively manage security and compliance, replacing static IAM models with dynamic solutions that enhance both operational agility and security.
Beyond Identity: Securing Access and Enforcing Least Privilege Across Critical Applications
As increasing threats and complex IT environments render traditional identity and access management inadequate, organizations are adopting least privilege enforcement as a strategic necessity to enhance security and mitigate risks associated with privileged access across critical applications.
Securing the Digital Core
Securing ERP systems has become a business imperative due to their critical role in enterprises and increased vulnerability to cyberattacks, necessitating a shift from traditional security measures to a more integrated approach that combines IRP and cybersecurity across evolving cloud environments.
Critical SAP Zero-Day Vulnerability Under Active Exploitation
Active exploitation of a critical zero-day vulnerability (CVE-2025-31324) in the SAP Visual Composer component allows unauthenticated attackers to gain full control over SAP systems, prompting SAP to release an emergency patch and urging customers to either apply it or disable access to the vulnerable component.
Critical Zero-Day Vulnerability Impacts SAP
SAP has issued critical Security Notes including a highly severe vulnerability in SAP NetWeaver Visual Composer that allows unauthenticated attackers to upload malicious files, prompting organizations to urgently patch or implement workarounds to protect their systems.
Fortifying the Factory Floor: A Cybersecurity Blueprint for Manufacturers
Cyberattacks on manufacturing operations can result in severe consequences including downtime, theft of intellectual property, and financial loss, with recent data revealing 88% of UK companies experienced breaches largely due to human error, emphasizing the need for fundamental security practices and robust measures from firms like Codestone to enhance cybersecurity resilience.
How Thales is Going ‘All Smartphone’ in its Factories
Thales is pioneering digital transformation in its factories by replacing traditional PCs with smartphones and tablets through the SmartMobility project, which enhances mobility and operational efficiency while maintaining cybersecurity.
Why Identity Security is a Top Priority for Enterprises in 2025
In response to rising identity-related threats, 78% of organizations are set to increase their identity and access management spending in 2025, reflecting a strategic shift towards modern security measures that emphasize complex governance and AI-driven solutions to enhance resilience in the digital landscape.
Google Cloud to Acquire Wiz for $32 Billion in Cloud Security Push
Google Cloud has acquired cybersecurity platform Wiz for $32 billion, aiming to enhance security technology and scalability across multi-cloud environments.
Dell Strengthens Cybersecurity for Microsoft Customers
Dell Technologies and Microsoft are enhancing AI adoption to protect data and improve cybersecurity for multicloud environments.
Enterprise Success Story: How Signify Transformed Financial Close Processes with Aico
Signify enhanced efficiency and quality control across over 100 company codes by utilizing Aico’s modules, achieving a 99.9% success rate in journal management, real-time reporting with 15-second dashboard refresh rates, a 30% reduction in obsolete tasks, an increase of 250-350 additional reconciliations per company code, and a jump to 58% automation in BSAR sign-offs.
Deloitte & Onapsis Strategic Alliance
Deloitte and Onapsis Form Strategic Alliance to Help Shared Clients Secure SAP S/4HANA Cloud®, RISE with SAP® and Cloud ERP Digital Transformations.
ERP Security for Utility Companies – Onapsis Partners with SNOPUD to Secure Critical SAP Applications
Cyberattacks on utility companies are increasingly targeting vulnerabilities in SAP applications, posing significant financial and operational risks, with the average cost of a data breach reaching $4.72 million. The energy sector, with its sensitive enterprise resource planning (ERP) systems like SAP, is particularly attractive to cybercriminals. Despite this, many utility companies struggle to allocate adequate resources for security, especially amid ongoing digital transformation efforts. The consequences of such attacks can be severe, leading to business disruptions, power or water outages, and the theft of customer data. To address these challenges, Onapsis, a leader in business application security, has partnered with Snohomish County Public Utility District (SNOPUD) to enhance SAP security through its Connect Up initiative, aimed at upgrading meters across homes and businesses. This collaboration leverages Onapsis' threat intelligence and automated vulnerability remediation to safeguard SNOPUD's critical systems and customer data, supporting a security-first approach as the utility modernizes its operations.
Hash Cracking and the SAP Landscape
This article discusses the use of hashing for password security in SAP systems, explains how hashes are stored and the methods for cracking them using tools like John the Ripper and Hashcat, and emphasizes the importance of addressing weak hashes and deactivating downward compatibility to enhance data protection.
Securing SAP Remote Function Calls: The Crucial Role of S_ICF Authorization
Remote Function Call (RFC) is a proprietary framework and network protocol used as a key pillar for data exchange in SAP landscapes. For network communications based upon the RFC framework, connection information needs to be configured and stored on the...
Anatomy of an Attack: Breaking Down a C2 Incident on SAP
Onapsis Research Labs detailed a security breach where an SAP system was compromised, transformed into a command and control bot through a vulnerability, and used to launch a distributed denial of service attack via Cloudflare.
THE SAP® SECURITY GUIDE FOR CIOS
THE IMPORTANCE OF SAP SECURITY: Simple steps to educate yourself, your team, your executive management, and the board of directors. SAP S/4HANA & DIGITAL TRANSFORMATION: Best practices to securely navigate your SAP S/4HANA journey. AUTOMATION, EFFICIENCY & AGILITY FOR APPLICATION...
CH4TTER: How Threat Actors are Targeting SAP for Financial Gain
Onapsis and Flashpoint released a report detailing how cybercriminals are increasingly discussing and targeting SAP applications.
SAP Security: Before, During, and After a RISE with SAP Migration Featuring Snohomish PUD
RISE with SAP is a comprehensive suite of cloud-based applications, platforms, tools, and services that help businesses of all sizes accelerate their digital transformation. However, any migration to the cloud comes with security challenges. Using third-party security technology can enhance and expand your ability to protect your data and systems while transitioning into a RISE with SAP environment. In this webinar, learn how enhanced visibility, automated security scanning, and incident response can augment your team’s ability to inspect what they expect from RISE with SAP, increase business value, and promote risk abatement.
Ch4tter: Threat Actors Attacking SAP for Profit
New Intelligence to Protect SAP from Ransomware and Data Breaches. Onapsis and Flashpoint have joined forces to level the playing field, revealing how threat actors are attacking SAP applications. Download our report or listen to our recent webinar.
Attack Surface Management
Onapsis Assess - Complete ERP Attack Surface Management. Discover vulnerabilities across your critical ERP application landscape and get the risk-based guidance you need to better prioritize and respond faster to issues posing the greatest threats to your business.
Accelerate and De-Risk your RISE with SAP Transformation
Onapsis Secure RISE Accelerator lowers risk and reduces security and compliance obstacles in RISE projects by delivering a proven SAP security framework that helps you make better-informed, faster security decisions, narrow the scope for an optimized secure-by-design go-live, and de-risk the threat of costly project delays with expert guidance and automation technology that reduces manual efforts and costs.
Maximizing Security in RISE with SAP: On-Demand Webinar
SAP offers a highly secure and compliant cloud infrastructure for RISE with SAP customers. With the peace of mind that SAP is managing the security of the foundational layers, customers can concentrate on their own security and compliance responsibilities: protecting business processes, sensitive data, and any extensions or customizations.
SMBs at critical risk, warns SonicWall as Cyberattack speed surges
SonicWall's 2025 Cyber Threat Report reveals a rapidly evolving cyber threat landscape, particularly targeting small and medium businesses (SMBs), with alarming increases in Business Email Compromise incidents, sophisticated attack tactics, and the urgent need for proactive security measures such as real-time patching and enhanced user training.