Viral? no not really in that sense, but the story definitely got picked by a lot of media and news sites, blog fora etc. And for very good reasons.
The 10KBLAZE story refers to penetration risks for SAP customers, and talks about the vulnerabilities that could cause such exploits. The mentioned vulnerabilities are indeed known for a long time (years) so to that extent ... nothing new.
What is surprising is that companies simply don't seem to get it and probably all for different reasons (no time, did not know, too complex, costs, attention, focus, lack of management sponsorship, lack of awareness).
What is beyond surprise is the fact that once companies know and understand how such risks can be easily mitigated, they don't seem to care. Wow .... let's think about that for a second. International and large corporations who have invested millions, and often double digit millions in one of the most strategic applications (SAP) on the planet, running their entire business, containing ALL their critical data, .......... yes we know (or now we know) and you cannot be bothered to do something about it? Or you accept someone saying "that is not in the budget!"
Ask yourself if your (next) SAP breach is in the budget, ask yourself if these SAP systems untouchable, ask yourself what would happen if .....
And if you have seen the man in the middle (MITM) attack, how easy it is to exploit SAP systems with insufficient or insecure configurations, that (next) breach could be lot closer than you think, and definitely more costly than you think. Do want to see a man in the middle attack? Let us know.
If you think SAP system hardening is complex, that is where our experts come in.
If you think it is very time consuming, let us show you a way in which it is is not.
If you think it very costly, let us surprise you, ask for a quotation.
Do you want high security levels, little to no effort, acceptable costs?
Securing your most important and critical assets - your SAP systems