Weekly Update: Essential SAP Vulnerability, AI-Driven Phishing, Significant Security Breaches, Fresh CVEs & More Insights


New Vulnerabilities: SAP, Oracle, and More

This week saw the exposure of several significant vulnerabilities.

Topping the list is a critical SAP vulnerability (CVE-2021-3758) in its Universal Worklist component.

This vulnerability allows an attacker to take complete control of an SAP application through job submission, bypassing all authorization checks.

SAP has released a patch to address this issue.

Users are advised to apply the patch urgently to avoid potential breaches.

Oracle also reported new vulnerabilities.

Another 342 issues were identified in its Critical Patch Update, ranging from low to high severity.

It’s a stark reminder of the importance of updating your systems frequently.

AI-Powered Phishing Attacks On The Rise

Cybersecurity firms ESET and Fortinet highlight the growing trend of AI-powered phishing attacks.

Deep learning algorithms can mimic writing style and tone, creating personalized phishing emails that are incredibly difficult to distinguish from legitimate emails.

A report from ESET identified a new phishing toolkit named ‘DeepPhish.’ It uses AI to create phishing versions of popular websites, employing techniques to avoid detection and increase the probability of scams.

This approach requires users to be more vigilant and invest further in phishing defenses.

Major Breaches and New CVEs

Major breaches continue to be a regular occurrence.

Two major e-commerce platforms were hit with breaches last week impacting thousands of clients.

Detailed information on these breaches, including possible mitigation strategies, can be found at [REDACTED DUE TO PRIVACY] and [REDACTED DUE TO PRIVACY].

The week also saw new Common Vulnerabilities and Exposures (CVE) entries, further emphasizing the need to keep IT systems up to date.

The National Vulnerability Database published 291 new entries showing a continued rise in CVEs.

Takeaways

In a week filled with major breaches and new threats, it’s clear cybersecurity is not a ‘set and forget’ issue.

IT professionals need to maintain an ongoing, proactive approach to cybersecurity that includes regular patching, system updates, and continuous employee education to detect and respond to increasingly sophisticated attacks.

