Sneak Peak:
SAP recently fixed a critical vulnerability in the SAP AI Core service that could have allowed attackers to access sensitive data in the multi-tenant environment. This issue, dubbed “SAPwned”, was responsibly disclosed and publicly shared on July 18 after it was patched. You can read more about it here.
I use the Microsoft Sentinel for SAP BTP solution - which went into General Availability state this week - as an example for running automatic detections via built-in analytic rules. Check out the alert “Failed access attempts across multiple Business Application Studio accounts” for instance. Password spray attack anyone?
Navigate to the full post here.