American security firm Onapsis has discovered a security breach in 36 international companies with potentially devastating consequences. The affected organisations are located around the globe and cover a range of industries, although none of them have been directly identified.
The vulnerability appeared in an older version of the widely used Java-based SAP software and does not seem to have been exploited in a focused and coordinated campaign by a particular group. The breach was corrected in 2010 according to SAP, however information about the glitch has been appearing on the internet for at least 3 years, and outdated systems may still be vulnerable. Firms who failed to configure the software appropriately have left themselves open to hack attacks which could result in full access and nearly complete control of essential parts of the company’s operations.