cyberschubi
@cyberschubi.bsky.social
Watcher. SAP Architect & Cybersecurity Specialist.
Designer and creator of CS4S™, blending hands-on experience with vision. Personal opinions grounded in facts
Designer and creator of CS4S™, blending hands-on experience with vision. Personal opinions grounded in facts
Makes full sense :
securitybridge.com/press/securi...
securitybridge.com/press/securi...
SecurityBridge acquires CyberSafe
SecurityBridge today announced the acquisition of CyberSafe, a UK-based pioneer in MFA and SSO solutions for SAP users.
securitybridge.com
July 25, 2025 at 8:54 PM
Makes full sense :
securitybridge.com/press/securi...
securitybridge.com/press/securi...
SAP hotfixes and patch cycles are accelerating—but without SAP-aware detection, SOC teams drown in noise.
Governance checks are nice. Threat detection is vital.
Without DLP and adaptive alerts, you’re flying blind. #SAP #DLP #Cybersecurity
Governance checks are nice. Threat detection is vital.
Without DLP and adaptive alerts, you’re flying blind. #SAP #DLP #Cybersecurity
July 25, 2025 at 1:03 PM
SAP hotfixes and patch cycles are accelerating—but without SAP-aware detection, SOC teams drown in noise.
Governance checks are nice. Threat detection is vital.
Without DLP and adaptive alerts, you’re flying blind. #SAP #DLP #Cybersecurity
Governance checks are nice. Threat detection is vital.
Without DLP and adaptive alerts, you’re flying blind. #SAP #DLP #Cybersecurity
Reposted by cyberschubi
CERTFR-2025-AVI-0564: Multiples vulnérabilités dans les produits SAP
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0564/
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0564/
July 8, 2025 at 2:05 PM
CERTFR-2025-AVI-0564: Multiples vulnérabilités dans les produits SAP
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0564/
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0564/
SAP’s cloud strategy isn’t about software delivery — it’s shifting responsibility. Customers often assume SAP secures everything, but that’s not the case. When incidents happen, insurers and regulators expect YOU to have done your part.
Awareness is key.
#SAPCloud #Security #SharedResponsibility
Awareness is key.
#SAPCloud #Security #SharedResponsibility
July 8, 2025 at 4:22 PM
SAP’s cloud strategy isn’t about software delivery — it’s shifting responsibility. Customers often assume SAP secures everything, but that’s not the case. When incidents happen, insurers and regulators expect YOU to have done your part.
Awareness is key.
#SAPCloud #Security #SharedResponsibility
Awareness is key.
#SAPCloud #Security #SharedResponsibility
Subject fields of a certificate (CN, O, OU, etc.) must always be accurate — even for self-signed ones.
These are not cosmetic. They define identity and trust boundaries.
An invalid DN is technical debt at best, a trap at worst.
No, “internal use” doesn’t justify nonsense in cert fields.
These are not cosmetic. They define identity and trust boundaries.
An invalid DN is technical debt at best, a trap at worst.
No, “internal use” doesn’t justify nonsense in cert fields.
June 24, 2025 at 7:37 PM
Subject fields of a certificate (CN, O, OU, etc.) must always be accurate — even for self-signed ones.
These are not cosmetic. They define identity and trust boundaries.
An invalid DN is technical debt at best, a trap at worst.
No, “internal use” doesn’t justify nonsense in cert fields.
These are not cosmetic. They define identity and trust boundaries.
An invalid DN is technical debt at best, a trap at worst.
No, “internal use” doesn’t justify nonsense in cert fields.
A self-signed certificate gives you no identity, no trust, no revocation.
It’s not a security measure. It’s a placeholder — and a bad one.
Any shared system needs a real CA, internal or external. Period.
#PKI #X509 #enterpriseSecurity
It’s not a security measure. It’s a placeholder — and a bad one.
Any shared system needs a real CA, internal or external. Period.
#PKI #X509 #enterpriseSecurity
June 23, 2025 at 6:59 AM
A self-signed certificate gives you no identity, no trust, no revocation.
It’s not a security measure. It’s a placeholder — and a bad one.
Any shared system needs a real CA, internal or external. Period.
#PKI #X509 #enterpriseSecurity
It’s not a security measure. It’s a placeholder — and a bad one.
Any shared system needs a real CA, internal or external. Period.
#PKI #X509 #enterpriseSecurity
Reposted by cyberschubi
⚠️Alerte CERT-FR⚠️
La vulnérabilité CVE-2025-31324 permet l'exécution de code arbitraire à distance pour un attaquant non authentifié dans SAP NetWeaver (Visual Composer development server). Le CERT-FR a connaissance de plusieurs compromissions.
www.cert.ssi.gouv.fr/alerte/CERTF...
La vulnérabilité CVE-2025-31324 permet l'exécution de code arbitraire à distance pour un attaquant non authentifié dans SAP NetWeaver (Visual Composer development server). Le CERT-FR a connaissance de plusieurs compromissions.
www.cert.ssi.gouv.fr/alerte/CERTF...
Vulnérabilité dans SAP NetWeaver - CERT-FR
www.cert.ssi.gouv.fr
April 28, 2025 at 3:45 PM
⚠️Alerte CERT-FR⚠️
La vulnérabilité CVE-2025-31324 permet l'exécution de code arbitraire à distance pour un attaquant non authentifié dans SAP NetWeaver (Visual Composer development server). Le CERT-FR a connaissance de plusieurs compromissions.
www.cert.ssi.gouv.fr/alerte/CERTF...
La vulnérabilité CVE-2025-31324 permet l'exécution de code arbitraire à distance pour un attaquant non authentifié dans SAP NetWeaver (Visual Composer development server). Le CERT-FR a connaissance de plusieurs compromissions.
www.cert.ssi.gouv.fr/alerte/CERTF...
Beyond noise, a perfectly balanced view :
securitybridge.com/blog/cve-202...
securitybridge.com/blog/cve-202...
CVE-2025-31324: Active Exploitation of SAP Vulnerability
Active exploitation of SAP vulnerability CVE-2025-31324, affected users are urged to take immediate action. Here is how to respond
securitybridge.com
April 26, 2025 at 11:27 PM
Beyond noise, a perfectly balanced view :
securitybridge.com/blog/cve-202...
securitybridge.com/blog/cve-202...