vulnerabilities in SAP Enterprise Portal Navigation, SAP NetWeaver Log Viewer and SAP Enterprise Portal Theme Editor, which are components of the SAP NetWeaver platform. By exploiting these security flaws, attackers can intercept login credentials, register keystrokes, spoof data or perform other illegal activities that could potentially lead to a system compromise. Four Cross-Site Scripting (XSS) vulnerabilities were detected in the following SAP Enterprise Portal components: SAP Enterprise Portal Navigation (CVSSv3 score 6.1) and SAP Enterprise Portal Theme Editor (three flaws with CVSSv3 scores 5.4, 6.1, and 6.1). Exploiting these vulnerabilities, an attacker could obtain access to a victim's session tokens, login credentials or other sensitive information in the browser, perform arbitrary actions on the victim's behalf, rewrite HTML page content and intercept keystrokes. The relevant remediation guidelines are described in SAP Security Notes No. 2369469, 2372183, 2372204, and 2377626.

Another vulnerability, Directory Traversal (CVSSv3 score 5.9), allows arbitrary file upload in SAP NetWeaver Log Viewer. Attackers can upload a malformed archive that contains files with special characters in their names. When the web application unpacks the archive, it resolves the symbols "." and "/" as part of the correct file path, so attackers can exploit the Directory Traversal vulnerability and upload files to an arbitrary location on the server file system. The consequences of arbitrary file upload can include total compromise of a system, overload of a file system or database, expanding attacks to back-end systems and defacement. The impact of this vulnerability is high, as arbitrary code can be executed on the server. SAP Security Note No. 2370876 describes the activities required to eliminate this flaw.
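The archive-unpacking flaw described above, where "." and "/" sequences in entry names are resolved into a path outside the intended directory, is caught on the defending side by validating every entry against the extraction root before writing it. The Python below is an added example, not SAP's code or material from the advisory; the archive contents, entry names and scratch directory are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


def is_safe_member(dest_dir: str, name: str) -> bool:
    """True only if entry `name` resolves inside dest_dir: rejects absolute
    names and backslashes, then normalises the joined path so "." , ".." and
    "/" sequences cannot point outside the extraction root."""
    if not name or name.startswith(("/", "\\")) or "\\" in name:
        return False
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, name))
    return target != root and os.path.commonpath([root, target]) == root


def safe_extract(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract a zip, skipping entries that would land outside dest_dir.
    Rejected names are returned so the caller can log them as a signal."""
    result = {"extracted": [], "rejected": []}
    root = os.path.realpath(dest_dir)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(dest_dir, info.filename):
                result["rejected"].append(info.filename)
                continue
            target = os.path.join(root, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            result["extracted"].append(info.filename)
    return result


def demo() -> dict:
    """Constructed sample archive (one benign entry, one traversal-style
    entry) extracted into a scratch directory; reports what was written."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("logs/app.log", "ok\n")
        zf.writestr("../../outside.txt", "must not be written\n")
    with tempfile.TemporaryDirectory() as d:
        result = safe_extract(buf.getvalue(), d)
        result["log_written"] = os.path.isfile(os.path.join(d, "logs", "app.log"))
    return result
```

A rejected entry name in an uploaded archive is itself worth alerting on, since legitimate log bundles never contain one.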
Dmitry Gutsko, Head of the Business System Security Unit at Positive Technologies, said: "Large companies all over the world use SAP to manage financial flows, product lifecycle, relationships with vendors and clients, company resources, procurement, and other critical business processes. It is vital to protect the information stored in SAP systems as any breach of confidential information could have a devastating impact on the business." In order to identify vulnerabilities in SAP products, perform inventory checks on these systems, manage updates and analyze settings, configurations, and permissions, Positive Technologies' MaxPatrol vulnerability and compliance management solution has been certified by SAP for integration with SAP NetWeaver. In addition, Positive Technologies Application Firewall (PT AF) detects attacks, including those that leverage zero-day vulnerabilities, in SAP NetWeaver, SAP ICM, SAP Management Console, and SAP SOAP RFC using special security profiles. Positive Technologies Application Inspector also supports analysis of Java applications for the SAP NetWeaver Java platform.
Android users were the target of new banking malware with screen-locking capabilities, which was disguised as a weather forecast app on Google Play. Detected by ESET as Trojan.Android/Spy.Banker.HU, the malware was a trojanized version of the otherwise benign weather forecast application Good Weather. The malicious app managed to get around Google's security mechanisms and appeared in the store on February 4th, only to be reported by ESET two days later and consequently pulled from the store. During its short lifetime, the app found its way to the devices of up to 5000 users. Besides the weather forecast functionality it adopted from the original legitimate application, the trojan is able to lock and unlock infected devices remotely and intercept text messages. Apart from that, the trojan targeted the users of 22 Turkish mobile banking apps, whose credentials were harvested using phony login forms. The infected device then displays a fake system screen requesting device administrator rights on behalf of a fictitious "System update". By enabling these rights, the victim allows the malware to Change the screen-unlock password and Lock the screen. Users who are not alarmed at this point might be pleased with the new weather widget they can add to their home screens. However, in the background, the malware is getting to work sharing device information with its C&C server. Depending on the command it gets in return, it can intercept received text messages and send them to the server, remotely lock and unlock the device by setting a lock screen password of the attackers' choice, and harvest banking credentials. The trojan displays a fake login screen once the user runs one of the targeted banking apps and sends the entered data to the attacker.
Thanks to the permission to intercept the victims' text messages, the malware is also able to bypass SMS-based two-factor authentication. As for the device locking, we suspect this function enters the picture when cashing out the compromised bank account, to keep the fraudulent activity hidden from the user. Once locked out, all victims can do is wait until the malware receives a command to unlock the device. If you've recently installed a weather app from the Play Store, you might want to check whether you have been one of the victims of this banking trojan. In case you think you might have downloaded an app named Good Weather, check for its icon under your apps. After running anything you've installed on your mobile device, keep paying attention to what permissions and rights it requests. An app that won't run without advanced permissions that aren't connected to its intended function might be an app you don't want installed on your phone.