Tag Archive for: enable

Onapsis’ new features and platform updates enable users to protect their business-critical ERP apps


Onapsis announced an expansion of its platform with a suite of new and enhanced ERP security capabilities.

Following Onapsis Research Labs’ recent milestone of 1,000 discovered zero-day vulnerabilities and the launch of its Threat Intel Center, these new capabilities and platform updates continue to build on their unique threat intelligence and insights to enable customers to more seamlessly and efficiently protect their business-critical ERP applications.

Given the growing complexity of the modern ERP landscape, companies often don’t know where to begin or frequently lack the deep visibility, capabilities, and knowledge to effectively analyze their ERP attack surface and understand the true risk to their organizations. As a result, digital transformation projects (such as SAP RISE, S/4HANA, and Oracle migrations) are potentially vulnerable to attack by sophisticated threat actors, and critical data (such as intellectual property or personally identifiable information) and the business itself are increasingly at risk of compromise and financial impact.

Onapsis’ new and enhanced features will provide security teams with deep visibility into their ERP attack surface and crucial insights from the Onapsis Research Labs, enabling them to more effectively prioritize, mitigate, and remediate the largest threats to their business.

“As organizations continue to evolve their ERP landscapes and expand to the cloud, they face growing challenges on how to properly secure these critical systems,” said Mariano Nunez, CEO and co-founder of Onapsis. “Our customers rely on our threat intelligence and market-leading solutions now, more than ever, to make sense of the complexity, reduce their attack surface, and protect the critical ERP applications that power their businesses. Our new and enhanced capabilities deliver huge security advantages and efficiencies that take a significant burden off of security teams and provide complete peace of mind, knowing that Onapsis is securing what matters most.”

The latest Onapsis ERP security release targets three key areas for SAP and Oracle customers:

Operationalizing the most impactful and timely global threat intelligence from the…


October is Cybersecurity Awareness Month. Part 2: Enable Multi-Factor Authentication


In this multi-part series, we’ll look at what organizations can do to better improve corporate security as part of October’s Cybersecurity Awareness Month. In this blog, our focus is on multi-factor authentication (MFA).

Believe it or not, computers in the old days didn’t even require passwords to get in. The threat wasn’t obvious since computers weren’t everywhere, so when you powered a computer on and it was done booting, you’d just use it as needed. Once computers became common in the workplace and different folks had physical access to a computer, the user and password pairing was born. Still, some people, just like they do today, would just write the password on a Post-it Note and call it a day. Many people used ‘password’ or ‘12345’ as their password. The password has evolved, and today most systems require a minimum of 8 characters including a number, a capitalized letter, and a special character, which makes it harder to guess if you haven’t written it down.

Are passwords perfect now?

Nope. According to various studies, 81% of breaches are caused by poorly-chosen passwords. According to a CNET report in 2020, hackers have published as many as 555 million stolen passwords on the dark web since 2017. When you consider that many people use the same password or a variation of a single password, you can see how poor passwords and password-related practices continue to lead to breaches.

So, what can be done?

Enabling MFA is a start. Multi-factor authentication, sometimes referred to as Two-Factor Authentication (2FA), comes in different flavors and not all are built equally. MFA can mean two passwords to two different Microsoft Active Directory (AD) servers, but this is rarely used. The most common is credentials (username/password) with a token. RSA and Google Authenticator are a couple of the more popular token options. These tokens are multi-digit, one-time, and short-lived, making them hard to guess and of little use even if shared, as there is only a short window in which they are valid. The other method is a push notification to a different device. The MFA software is usually installed on a mobile phone and when trying to log in from a laptop, the user is prompted to…


Can Cloud Telephony Services with Military Grade Security Enable Organizations to Create High Brand Value?


By Shubham Patidar, Research Consultant at Fact.MR

In today’s technology-driven world, the workforce is spread out between those working remotely and those working in offices, with some planning on returning to their office full-time and others remaining on a hybrid or remote model for the foreseeable future. While several companies worldwide have remained invested in the on-premises calling system, the reality is that, today, the shortest way to communicate is often through a stable internet connection.

Companies are thus investing huge sums in the development of a unified communications system with a cloud calling feature. Adapting their communication systems to this new technology can potentially improve or even future-proof the line of communication in and outside of an organization.

Cloud calling, often referred to as cloud telephony, helps in making a company’s overall phone system cost less. It provides voice communication services primarily through a third-party host. It is gradually replacing the need for traditional enterprise telephone systems, including private branch exchange across the globe.

Cloud telephony services further free organizations from the burden of purchasing and storing stand-alone hardware such as handsets and private branch exchange boxes. They also set the stage for equipping complementary unified communications as a service (UCaaS) features such as artificial intelligence (AI)-enabled customer support, keyword and voice analysis, interactive voice response (IVR), and call center capabilities.

Organizations nowadays are utilizing cloud telephony services to better connect their teams and make their employees more satisfied, engaged, and focused in their roles. The term ‘cloud telephony’ signifies a multi-tenant access model, with subscribers paying to utilize a provider’s pool of shared and commoditized resources.

As per Fact.MR, a leading market research firm, the global cloud telephony services industry is projected to reach a valuation of US$ 51.5 Billion by the end of 2032 and exhibit growth at a CAGR of 9.5% from 2022 to 2032. Surging need to reduce phone bills and the overall teleconferencing cost in an organization is expected to…


The Death of “Please Enable Macros” and What it Means




February 14, 2022






On the 7th of February, Microsoft announced an impending change to its ubiquitous suite of Office apps. In Microsoft’s own words: “VBA macros obtained from the internet will now be blocked by default”. The change is expected to begin rolling out in early April.




Technically speaking, VBA macros were already “blocked by default” before. Upon opening a document containing such a macro, the user would be greeted with the following prompt:




And upon clicking this single button, macros would be enabled. Following this change, for files that originated from the internet, the user would instead see this prompt:




The “learn more” button leads to a short article where Microsoft explains to the end user that macros “are often used by people with bad intentions to distribute malware to unsuspecting victims” and “aren’t required for everyday use like reading or editing a document in Word or using Excel workbooks”. Most importantly, the article stresses, “no legitimate company will make you open an Excel file to cancel an order and you don’t need macros just to read a document in Word”.




After all these admonitions, if the user is still interested in running the offending document macros, Microsoft provides a 4-step process under a collapsible. The process involves manually saving the file to the hard drive, then digging inside the file properties and explicitly clicking a checkmark box titled “unblock”.








This decision did not come about in a vacuum. Starting in the early 2010s, macros in MS-Word documents slowly gained ground and eventually became the most popular vector of infection for the average cybercriminal peddling commodity malware. This rise in popularity was preceded by a long and unusual history: in fact, like the cure for scurvy, VBA malware had to be discovered twice – having been forgotten and become lost to history after the first time. 




The first load-bearing document was a proof-of-concept created all the way back in 1994, during the stone age of POGs, Power Rangers, the Clinton Administration and dial-up internet. Up until then, it was…
