Category: Digital Trust Center

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

In collaboration with the police, the Digital Trust Center (DTC) warns about the risks of using generative artificial intelligence (AI) in the workplace. They also share tips on how both employees and employers can safely use AI. Human contact is the key here.

While AI tools such as text generators and image creation apps offer entrepreneurs significant (efficiency) benefits, there is also a dark side to these technologies. Cybercriminals can also use these tools for fraudulent practices .

Identity fraud, such as CEO fraud.
For example, AI can be used to clone a voice or to create realistic texts. Spreading disinformation.
Language model ChatGPT produces authentic-looking texts at scale and with great speed. Such a language model can help criminals for propaganda and disinformation purposes. Malware. ChatGPT is capable of producing codes in a number of different programming languages. For a potential criminal with little technical knowledge, this is an invaluable resource to produce malicious code (such as malware).

Manon den Dunnen, Strategic Digital Specialist at the police, emphasizes the importance of being vigilant when using AI yourself: “If you wouldn't put it on LinkedIn, you shouldn't put it on ChatGPT either. Because that system trains itself with the information you enter and before you know it, your information appears in texts generated for others. That's why companies like Samsung have banned their employees from using it.”

Tips for dealing with artificial intelligence and cybercriminals who use it:

It is best to have confidential conversations in person.
Never enter confidential data into ChatGPT or similar language models.
So no names of people either. Be aware that the systems are aimed at generating texts 'that resemble'. It is not a search engine, there is no database behind it, so do not use it if factuality is important. If you have any doubts about the identity of the person on the phone, you can suggest calling back.
Another option is to ask an experience question. For example: How was your conversation yesterday? Agreements can be made, for example, to only handle invoices if there is an opportunity to check the source.
Investigate which solutions you can implement in coordination with partners in the chain to determine the authenticity of the sender of invoices or other important communications.
Refer back to advice relevant to, for example, phishing or CEO fraud. These forms of cyber incidents remain basically the same, even if AI is used as a tool. Know what questions to ask when purchasing software. For example: How does this software use artificial intelligence, how is it trained, what happens to this data and what security issues are involved?

About the Digital Trust Center

information and a toolbox with cyber tools to support entrepreneurs . The DTC also works with various organizations to increase digital resilience in the entrepreneurial Netherlands.

Stay informed of NIS2 developments

Are you curious about what the new NIS2 guideline will mean for your company and/or your chain suppliers? Then subscribe to the NIS2 theme space within the DTC Community . There, cybersecurity experts, entrepreneurs and government share NIS2 information and you can talk to others about how to prepare for NIS2.

Your digital security is more important than ever. You already take the necessary cybersecurity measures for this. But is it enough? How do you know if you are doing the right thing in a rapidly changing environment? The Digital Trust Center (DTC) has built a safe online forum with the DTC Community where entrepreneurs can ask their cybersecurity questions, where experts help entrepreneurs on their way, where tips are exchanged and where you stay on top of current events.

Cyber ​​Alerts and current events

The DTC, part of the Ministry of Economic Affairs and Climate, shares relevant news and urgent cyber alerts with the cyber community. The members also share indispensable knowledge for entrepreneurs and cybersecurity managers. For example, if there are vulnerabilities in commonly used systems such as Citrix and Windows Exchange Servers , you will be immediately informed about this via a cyber alert so that you can quickly take action. This significantly reduces the risk of a cyber incident. In this way, the DTC Community jointly contributes to a safer business climate in the Netherlands.

More than 2,500 members at your fingertips

The online forum now has more than 2,500 members and new members are added every day. “The DTC Community is the cybersecurity forum of the Netherlands,” says Michel Verhagen, manager of the DTC. “IT professionals, CISOs and entrepreneurs can help each other, exchange knowledge and jointly make the Netherlands digitally resilient. We facilitate this knowledge sharing from the DTC with a safe and independent platform.”

If you don't work on cybersecurity on a daily basis, all the information you read or hear about this subject can sometimes be overwhelming. Where do you start and how do you see the forest through the trees? The DTC Community is for everyone who wants to get started with cybersecurity, from starters to professionals. You can ask questions to experts in this field, for example about cyber awareness within your company, dealing with ransomware or the experiences of others. There are also theme rooms, such as the NIS2 theme room, where members discuss specific topics with each other.

The DTC Community in figures

What the members say:

“As a CISO, I want to be informed of what is going on through reliable sources.”
“Receiving threat information allows me to quickly update our systems when necessary.”
“Through the DTC Community I expand my network, share current knowledge and learn from others.”

Are you an entrepreneur or (jointly) responsible for cybersecurity within your company? Then join the DTC Community .

Secure digital business

As an entrepreneur or security manager, would you like to receive reports of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cyber security information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Do the Basic Cyber ​​Resilience Scan or the CyberVeilig Check for SMEs and the self-employed .

Update – Active exploitation of vulnerabilities

Juniper Networks has indicated that they are aware of successful exploitation of the previously identified vulnerabilities in the Junos OS operating system on SRX firewalls and EX switches.

The advice remains to install security updates

Original message

August 31, 2023

Severe combination vulnerabilities in Juniper EX switches and SRX firewalls

Juniper Networks, the network equipment manufacturer, released security updates on August 17 for several vulnerabilities in the JuneOS operating system. This operating system is used in Juniper EX switches and SRX firewalls. The vulnerabilities ( CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 and CVE-2023-36847 ) are not individually identified as critical, but in combination they can have serious consequences. A so-called ' Proof of concept ' (POC) has been published that demonstrates this. The National Cyber ​​Security Center (NCSC) has therefore scaled up the assessment of the vulnerabilities to ' High/High '. This means that there is a high chance that these vulnerabilities will be exploited and that the damage can be great.

What's the risk?

The vulnerabilities allow arbitrary code execution with administrator privileges on vulnerable Juniper EX switches or SRX firewalls without credentials. To do this, an attacker needs network access to the management interface (J-Web).

It is customary not to simply make management interfaces such as J-Web available to the (entire) Internet. If this is the case, the risk of abuse increases. The vulnerabilities can easily be exploited and the NCSC, among others, expects attacks on Juniper EX switches or SRX firewalls where the management interface is publicly accessible in the foreseeable future.

What can I do?

Juniper has released security updates The advice is to install it or have it installed as soon as possible.

In addition, we strongly recommend limiting access to administrative interfaces as much as possible. Make sure that these are not publicly accessible via the internet. Should remote access be necessary, allow it only through a VPN connection or restrict access to specific IP addresses.

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for SMEs and self-employed persons .

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the Basic Cyber ​​Resilience Scan .

Several serious vulnerabilities were discovered in mail server software Exim in October. Vulnerabilities in Exim have been actively exploited for years, but recently an increase has been observed in the exploitation of vulnerabilities in Exim mail server software. The most critical vulnerability, marked as CVE-2023-42115, is rated with a CVSS score of 9.8. This means that it is a very serious vulnerability with a high risk of abuse and potential damage.

What is Exim?

Exim is software used on many mail servers for the transport and delivery of email messages. Figures show that about 60% of mail servers in the world use Exim. The numbers are also large in the Netherlands. Since September 27, 2023, the DTC has notified 164 times about vulnerable Exim systems.

What's the risk?

Among the various consequences that could result from exploiting vulnerabilities in Exim are remote execution of arbitrary code and disclosure of sensitive information.
The most critical vulnerability makes it possible to take over a vulnerable Exim server without authentication. Mail servers can usually be accessed directly from the internet in order to receive and send e-mail messages. This makes it easy for malicious parties to find vulnerable servers.

What can I do?

Security updates have been released by Exim. The most critical vulnerabilities have been resolved. This concerns Exim updates 4.96.1 and 4.97. Due to the severity of the vulnerabilities, it is advisable to update Exim mail servers to the latest version as soon as possible. Check your logs for suspicious activity, such as failed authentication attempts or unexpected connections from unusual IP addresses. The National Cyber ​​Security Center (NCSC) has also paid attention to the vulnerabilities in Exim.

Exim standard in many email servers

Please note: Exim can be found as standard in various Linux distributions and can also be used in applications or servers known by a different name. If your organization uses its own mail server but you are not sure whether this is based on the Exim software, discuss this with your IT service provider or IT administrator.