
 

RedShield Develops Virtual ‘shield’ For RECON Vulnerability Impacting 40,000 SAP Customers

RedShield, specialists in web application shielding, has developed custom shield objects which immediately fix the global RECON vulnerability to ensure critical data within SAP systems remains secure.

Designed to shield vulnerabilities at the proxy layer, without touching a single line of SAP application code, the custom shield ensures attacks are harmless before they reach the application layer.

The announcement follows disclosure by SAP on 13 July of two new critical vulnerabilities in the SAP NetWeaver Application Server that allow attackers to gain remote access and complete control over SAP systems. This application is considered a critical part of the SAP stack and a reported 40,000 SAP customers may be affected.

The Cybersecurity and Infrastructure Security Agency (CISA) has recommended organisations immediately perform updates and apply patches within 24 hours; however, RedShield says that few organisations relish the idea of rolling out emergency updates to such critical and complex enterprise systems as SAP.

“It is fundamental for SAP customers to stay protected and alert, as due to the very nature of SAP it will be running business critical systems. However, the reason we see so many organisations struggling to act and apply patches quickly is because of the potential business risks and what down-stream impact may be caused,” says RedShield CEO, Andy Prow.

“This is why RedShield exists. Vulnerability Shielding involves injecting code in front of the vulnerable application to fully remediate or neuter the attack. The most important factor is that the shield requires zero touch to the application, meaning vulnerabilities are removed without the risk and interruption caused by touching systems like SAP.”

As SAP NetWeaver Java is a base layer for many SAP products, exploiting this vulnerability may allow an attacker to leverage the connected systems and access further business-critical data and Personally Identifiable Information (PII).

“Because applying these patches can be difficult and take time, we’ve seen some organisations attempt to block access to the affected SAP services; however, this is a heavy handed response, and often is untenable as a long term solution. We’ve also seen some organisations introduce pre-authentication by allowing only authenticated users to access the server; however, this assumes the malicious user has not already gained authentication, and is also not a viable solution in all cases.”

“Deploying our shielding object to shield the RECON vulnerability, without touching a single line of SAP application code is the fastest and most effective solution,” says Prow. “We can provide immediate peace of mind with our shielding approach. With the shield(s) in place the customer may still upgrade or patch the systems behind the shields, but they can do so in a planned and managed way, over time.”

RedShield can deploy shields for both legacy and new SAP applications - as well as APIs. Depending on the shielding architecture needed, implementation can be completed within hours, well within the CISA’s recommended 24-hour timeframe.

According to reports, if a malicious user is able to successfully exploit the RECON vulnerability, they can create their own account in SAP systems with maximum privileges, allowing them to:

Steal personally identifiable information (PII), which may violate privacy regulations (e.g. GDPR, CCPA);

Access, delete, or manipulate financial records and banking details; and

Perform other admin functions such as deleting or modifying database records, traces, logs, and other files.

© Scoop Media

 
 
 