The war situation in Ukraine and cyber threats
On February 24, we sent out a security update on the cybersecurity implications of Russia's invasion of Ukraine. In this new bulletin, we give you a status update on the most recent developments.
Lessons learned from over sixty years of combined Zero Trust implementation
Biden’s Zero Trust advice, as well as the Dutch NSCS advice, has put Zero Trust on the map more than it has ever been before. But what exactly is Zero Trust? And how has it developed since John Kindervag popularized the term?
The Log4j lessons: so what IS vulnerability management anyway?
We continue our Log4j blog series with the second installment: a deep dive into the subject of vulnerability management. What does it involve? What tools to use? And how to operationalize it into a long-term strategic cybersecurity approach.
The Log4j lessons: If it ain’t broke, fix it now!
A blog series with the title The Log4J lessons might suggest that the fallout of the Log4j vulnerability is mostly behind us. Indeed, since the end of 2021 there has been tremendous effort from technology vendors, SOC’s and IT-departments to mitigate this threat. But given the widespread usage of this open-source logging library and the well-publicized ease of the attack, it’s highly unlikely that we’ve heard the last of Log4j in 2022.
Log4j: Frequently Asked Questions
The Log4j vulnerability that was discovered on Thursday, December 9th, is still a pressing issue for many companies. Since its discovery, we’ve received many questions from customers, most of which we have gathered on this FAQ page. If you have any questions regarding the Log4j vulnerability, you can find the answer to many of them here. This page will be continuously updated as we monitor the development of this situation.
Log4j: Still a code red for the ON2IT CIRT
On Thursday, December 9th a serious vulnerability was discovered in the much-used Apache Log4j Java logging library (Log4j). Through this vulnerability, an unauthenticated, unauthorized RCE (Remote Code Execution) is made possible, which can be used to take over a server. A patch was quickly made available, but executing said patch is proving to be a more complex activity.
