The story "Security researcher urges IT managers to keep up with SAP patches," posted on the wire Thursday, incorrectly stated the location of Onapsis in the second paragraph.

The story has been corrected on the wire and the second paragraph now reads:

Attackers targeting SAP platforms don't need access credentials to perform these attacks, said Juan Perez-Etchegoyen, CTO of Onapsis, a U.S. security firm with research and development in Argentina, that is focused on ERP systems and business-critical infrastructure. Perez-Etchegoyen made his remarks at the Hack in the Box conference in Amsterdam on Thursday.