
Internet security researchers report a vulnerability in SAP NetWeaver

May 29, 2014

Internet security researchers in Russia have reported a software vulnerability in SAP NetWeaver which could allow hackers and attackers to gain access to Central User Administration tables.

Catalogued as CVE-2014-3787, details on the security vulnerability in the service-oriented and integration platform were kept under wraps by security firm PT Security which conducted regular tests on SAP enterprise software.

The Central User Administration feature streamlined management of multiple user accounts that were managed on different clients.

SAP was among the most popular business applications and was used by about 73.4 percent of Forbes 500 companies.

Dmitry Gutsko said the sensitive information disclosure security vulnerability affected NetWeaver versions 7.20 and earlier.

"By successfully exploiting the vulnerability, an attacker can read any tables from SAP Central User Administration via accessing the affiliated system, which may lead to disclosure of user data stored in all CUA systems," Gutsko warned in a disclosure.

Users were advised to apply the latest NetWeaver security patches to fix the security hole. SAP users were notoriously bad at updating and securing their deployments. In 2013, ERP Scan founder Alexander Polyakov found hundreds of organizations that ran vulnerable and older versions of SAP and had exposed deployments to the public internet.

Polyakov found many customers that ran versions of NetWeaver J2EE that contained critical security flaws which allowed attackers to execute commands without user authentication.

And in January of this year, the same security company reported a critical XML External Entity (XXE) security vulnerability within SAP NetWeaver's GRMGApp which was open to unauthorised access.

In other internet security news

It's reported in the blogosphere today that China is escalating its war of words with the United States over online espionage, releasing a report by its Internet Media Research Center that concludes that the US does a lot of spying online.

As could be expected, there's also a lot of strong language in the report, such as this opening paragraph-- “As a superpower, the United States does take into account its political, economic, military and technological advantages to unscrupulously monitor other countries, including its own allies. The U.S.' spying operations have gone far beyond the legal rationale of "anti-terrorism" and have exposed its true colors of pursuing self-interest in complete disregard of moral integrity. These operations have flagrantly breached International laws, seriously infringed upon the human rights and put global cyber security under threat. They deserve to be rejected and condemned by the whole world.”

China's specific allegations suggest the U.S. has conducted the following activities against it and other nations:

  • Collecting nearly 5 billion mobile phone call records across the globe every day.
  • Spying over German Chancellor Angela Merkel's cell phone for more than 10 years.
  • Plugging into the main communication networks between Yahoo's and Google's overseas data centers, and stealing data of hundreds of millions of customers.
  • Monitoring mobile phone apps for years and grabbing private data.
  • Waging large-scale cyber attacks against China, with both Chinese leaders and the telecom giant Huawei as targets.
    The document goes on quite a bit, mostly repeating Edward Snowden's allegations and throwing in a few other incidents reported by other nations.

    Expressions of outrage about NSA activities voiced by the United Nations and privacy groups are given a new airing, as is just about every report from any newspaper anywhere about Snowden-sourced NSA activities.

    That China has put this all on letterhead is significant inasmuch as it shows the nation is very angry indeed and wants the US to know it.

    That the document doesn't miss a chance to paint the US as a declining imperial power unfairly seeking to nobble its likely new superpower successor will also go down well with local audiences.

    Actions like China's new vetting program for imported IT products and possible ban on IBM servers are likely to have more impact on the US because they hit it directly where it hurts the most-- in the wallet.

    And let's also note that there's colossal hypocrisy on both sides-- if China could do the things the NSA is accused of, would it really back off? Or would it decline the grubby practice of same “pursuing self-interest in complete disregard of moral integrity” just like it did in Tiananmen Square? There's real food for thought in the whole thing.

    In other internet security news

    Apple is denying that a security breach of its iCloud service is the reason for an outbreak of ransomware infecting Australian iCloud users.

    Australian Apple owners yesterday complained that their hardware had been remotely locked by a hacker identifying himself as Oleg Pliss and demanding a PayPal transfer of $50 to restore them back to life.

    Apple Australia has contacted us and offered the following statement on the situation-- “Apple takes security very seriously and iCloud wasn't compromised during this incident. Impacted users should change their Apple ID password as soon as possible and avoid using the same user name and password for multiple services. Any users who need additional help can contact AppleCare or visit their local Apple Retail Store.”

    So how did the entity known as Pliss manage to compromise so many accounts? People familiar with the matter have told us that Pliss is likely in possession of usernames and passwords gleaned from sources other than Apple and has attacked users who use the same identifier for multiple services including iCloud.

    Lots of users have weak passwords and/or use them to log on to multiple services. And it is certainly possible to come by such data-- breaches at Adobe and eBay would have yielded many email addresses that could be used to target Australian users.

    If that is indeed what has transpired on this occasion it is perhaps scarier than an iCloud security breach, because to this date, compromised passwords have not been deployed to power large-scale attacks.

    If Pliss is indeed the initiator of such efforts, millions of people could be at risk on most of their Apple devices.

    In other internet security news

    Literally thousands of PoS (point-of-sale), grocery management and accounting systems globally have been compromised by a new strain of malware, results of a March 2014 security investigation probe have revealed.

    During a survey of compromised terminals, the Nemanja botnet was singled out as one of the biggest of the lot.

    After infiltrating various small businesses and grocery stores, the botnet then sets up a means to lift credit card numbers and other sensitive data from the compromised systems.

    Cyber-intelligence firm IntelCrawler said it had detected no less than 1,478 hosts infected by Nemanja in countries as far apart as Australia, Israel and Zambia.

    Various systems in Britain, the United States and Germany have also been infected by the keylogging malware.

    "The Nemanja case has shown that cybercriminals have started to join PoS malware with keyloggers in order to intercept credentials of various back-office systems and databases in order to gain access to payment or personal identifiable data," IntelCrawler said in an advisory.

    "During the investigation on the Nemanja botnet, over a thousand infected and compromised PoS terminals, accounting systems and grocery management systems were clearly identified," it added.

    The latest malware is part of a larger trend of cybercrooks using it to target retailers’ office systems and cash registers.

    Malware including RAM-scraping nasties such as Alina, BlackPOS, Dexter, JackPOS, VSkimmer and their variants has been planted using either drive-by downloads or remote hacking of administration channels.

    Such malware is then used to lift sensitive information from compromised systems. For example, a variant of the BlackPOS was reportedly used in the final phase of the multi-stage attack against U.S. retail giant Target.

    The estimated 40 million credit card records from the Target breach have subsequently been offered up for sale through underground hacking forums and the sheer volume of information has had the effect of pushing down the cost of compromised details, as a blog post by security researchers at McAfee says.

    In other internet security news, a website that supposedly holds the cryptocurrency Dogecoin in conditions of optimal security has gone offline.

    The site now publishes the following message-- "Notice: We apologise for the downtime, a press release will be posted here within 24 hours. Please do not transfer any funds to Dogevault addresses while our investigation is under way. Email for any enquiries."

    Then, at 8.27 AM EST the following message was posted-- "Announcement: On May 11, 2014, the Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet funds. As soon as the administrator of Doge Vault was alerted, the service was halted."

    "The attackers had already accessed and destroyed all data on the hosted virtual machines. We are currently in the process of identifying the extent of the attack and potential impact on users' funds."

    "This involves salvaging existing wallet data from an off-site backup. We will also closely be investigating potential attack vectors, and determining the security breach which enabled the attackers to compromise the service in the first place."

    "Please do not transfer any funds to Doge Vault addresses while our investigation is under way. Thank you for your patience-- we will issue an additional statement including our findings and plan of action within the next 24-48 hours. Email for any enquiries. Doge Vault."

    After Bitcoin's Mt. Gox went bankrupt not so long ago, now some observers are wondering if the same fate could happen to Dogecoin. And you can't blame them for thinking along those lines.

    Speculation is rife in posts like a Reddit missive that the site was hacked, taking with it at least 950,000 Dogecoins. Another report suggests up to 111 million Dogecoins seem to have mysteriously appeared in a “mega wallet” linked to Dogevault.

    With the Dogecoin to US dollar exchange rate running at about 1000:$0.46, that's about $51,000, hardly the millions suspected to have evaporated from Bitcoin exchange Mt Gox, but still a nasty lot of cryptocash to lose nevertheless.

    If Dogevault has indeed been fatally compromised it will make it harder to sustain cryptocurrency enthusiasm. Whatever the upsides of the concept, security of some participants clearly needs to be tightened, and in a very big way.

    Microsoft's security department said yesterday it will release no less than eight security updates next Patch Tuesday to stop remote-code execution bugs in Windows and Internet Explorer, among other various security bugs.

    Meanwhile, Adobe will issue new versions of Acrobat and Reader for this month's Patch Tuesday as well, so May 13 will be a busy day for system admins and IT departments everywhere.

    Two of the security updates from Microsoft are rated as very critical because they allow miscreants to execute code on vulnerable systems from afar-- the Windows operating system from Server 2003 to Windows 8, web browser Internet Explorer 6 to 11, and some SharePoint-related software, are all at risk, Microsoft warns.

    The other six updates are labelled important-- one is a remote-code execution hole, four lead to privilege escalation and one allows hackers to bypass security protections altogether.

    The affected software includes Microsoft Office 2007 to 2013, Windows and the .NET Framework.

    As is always the case, Microsoft holds off documenting the security vulnerabilities in further detail prior to the patch release for obvious reasons.

    The May 13 security release will be the first in more than 10 years to not include any bulletins for Windows XP.

    The outdated operating system was officially retired from support by Microsoft on April 8, though subsequent exploitation of flaws in the OS by miscreants has forced the company to issue an out-of-band update, nevertheless.

    Adobe, meanwhile, will issue an update for four versions of its Reader and Acrobat software. The Adobe fix will address critical security flaws in both the Windows and OS X versions of Reader and Acrobat 10 and 11.

    Users and system administrators are well advised to test and deploy all of next Tuesday's security patches as soon as possible or risk falling victim to exploits targeting the newly disclosed security vulnerabilities.

    In other internet security news

    Online marketing and URL-shortening firm has warned its users that its system has been hacked into by unknown parties and has urged them to change their passwords as soon as possible.

    In a security advisory, the company says-- "We have strong reasons to believe that Bitly account credentials have been seriously compromised but that we have no indication at this time that any accounts have been accessed without permission."

    The company also promises that it has "already taken proactive measures to secure all paths that led to the compromise in the first place, and then ensure the security of all account credentials going forward."

    Source: SAP.
