Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools
On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional […]
FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to urge organizations to urgently address SQL injection vulnerabilities in software. The alert is based on recent exploits performed by the CL0P cybercrime group, also known as TA505. The Russian group has exploited SQL injection vulnerabilities […]
Securing Custom SAPUI5 Applications using the Cybersecurity Extension for SAP
SAPUI5 is the foundation of Fiori applications in SAP solutions such as SAP HANA and S/4HANA. It provides an HTML5 framework for developing flexible and user-friendly applications that perform consistently across all browsers, platforms, and devices, and integrate with ABAP programs using APIs such as OData services. The SAPUI5 library is based on the jQuery […]