Tag: Digital Trust Center

Progress report 2023 of the government's Digital Economy Strategy

Update October 24, 2023: Additional public and private investments in innovative digital technology, modern rules for digital markets and greater availability of fast digital infrastructure have brought the five government goals for the digital economy closer last year. For example, more Dutch people (from 91% to 98%) have access to gigabit internet and 80% of SMEs (from 75.3%) apply a basic level of digitalization. This is evident from the 2023 progress report of the government's Digital Economy Strategy of Minister Micky Adriaansens (Economic Affairs and Climate), which the Council of Ministers has agreed to.

Accelerating digitalization by SMEs, more digital innovation and skills, well-functioning online markets, a strong digital infrastructure in the Netherlands and improving cybersecurity. These are the five ambitions in the government's Digital Economy strategy of Minister Micky Adriaansens (Economic Affairs and Climate), which the Council of Ministers has agreed to.  

The ultimate goal of the cabinet strategy is an enterprising, innovative, sustainable and safe digital economy in which everyone in the Netherlands can participate. The efforts also contribute to reducing unwanted dependence on third parties in the Netherlands and Europe. With the strategy, public interests are better defended and economic resilience increases.

Featured: Strengthening cybersecurity

We would like to highlight the key points of the fifth ambition 'strengthening cybersecurity'.

Digital security must be a daily part of entrepreneurship in small and large companies. Cyber ​​incidents have consequences for their own processes, for their customers and sometimes even for larger parts of society if a company or production process comes to a standstill.

The digital awareness of entrepreneurs and consumers can be improved, according to recent research by the Ministry of Economic Affairs and Climate Policy. Users remain responsible, but the government will support them more actively and also focus on making products and services safer by default.

Specific information about cyber threats, vulnerabilities and incidents can be shared with individual companies. In addition to the so-called vital sectors, from mid-2024 medium to large players in the food sector, chemical and manufacturing industries, waste processing, postal and courier services and data centers must take appropriate cyber measures and this will also be monitored.

European minimum requirements will be introduced for the digital security of devices connected to the internet – the so-called Internet of Things (IoT). Products that do not comply with this will be banned everywhere in the EU from mid-2024.

Qualitative and quantitative shortages in the cybersecurity labor market are identified and joint actions are developed to address these shortages.

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

Several serious vulnerabilities were discovered in mail server software Exim in October. Vulnerabilities in Exim have been actively exploited for years, but recently an increase has been observed in the exploitation of vulnerabilities in Exim mail server software. The most critical vulnerability, marked as CVE-2023-42115, is rated with a CVSS score of 9.8. This means that it is a very serious vulnerability with a high risk of abuse and potential damage.

What is Exim?

Exim is software used on many mail servers for the transport and delivery of email messages. Figures show that about 60% of mail servers in the world use Exim. The numbers are also large in the Netherlands. Since September 27, 2023, the DTC has notified 164 times about vulnerable Exim systems.

What's the risk?

Among the various consequences that could result from exploiting vulnerabilities in Exim are remote execution of arbitrary code and disclosure of sensitive information.
The most critical vulnerability makes it possible to take over a vulnerable Exim server without authentication. Mail servers can usually be accessed directly from the internet in order to receive and send e-mail messages. This makes it easy for malicious parties to find vulnerable servers.

What can I do?

Security updates have been released by Exim. The most critical vulnerabilities have been resolved. This concerns Exim updates 4.96.1 and 4.97. Due to the severity of the vulnerabilities, it is advisable to update Exim mail servers to the latest version as soon as possible. Check your logs for suspicious activity, such as failed authentication attempts or unexpected connections from unusual IP addresses. The National Cyber ​​Security Center (NCSC) has also paid attention to the vulnerabilities in Exim.

Exim standard in many email servers

Please note: Exim can be found as standard in various Linux distributions and can also be used in applications or servers known by a different name. If your organization uses its own mail server but you are not sure whether this is based on the Exim software, discuss this with your IT service provider or IT administrator.

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

discovered in October . Vulnerabilities in Exim have been actively exploited for years, but recently an increase has been observed in the exploitation of vulnerabilities in Exim mail server software. The most critical vulnerability, marked as CVE-2023-42115 , is rated with a CVSS score of 9.8. This means that it is a very serious vulnerability with a high risk of abuse and potential damage.

What is Exim?

Exim is software used on many mail servers for the transport and delivery of email messages. Figures show that about 60% of mail servers in the world use Exim. The numbers are also large in the Netherlands. Since September 27, 2023, the DTC has notified 164 times about vulnerable Exim systems.

What's the risk?

Among the various consequences that could result from exploiting vulnerabilities in Exim are remote execution of arbitrary code and disclosure of sensitive information.
The most critical vulnerability makes it possible to take over a vulnerable Exim server without authentication. Mail servers can usually be accessed directly from the internet in order to receive and send e-mail messages. This makes it easy for malicious parties to find vulnerable servers.

What can I do?

Security updates have been released by Exim . The most critical vulnerabilities have been resolved. This concerns Exim updates 4.96.1 and 4.97. Due to the severity of the vulnerabilities, it is advisable to update Exim mail servers to the latest version as soon as possible. Check your logs for suspicious activity such as failed authentication attempts or unexpected interactions from unusual IP addresses. The National Cyber ​​Security Center (NCSC) has also paid attention to the vulnerabilities in Exim.

Exim standard in many email servers

Please note: Exim can be found as standard in various Linux distributions and can also be used in applications or servers known by a different name. If your organization uses its own mail server but you are not sure whether this is based on the Exim software, discuss this with your IT service provider or IT administrator.

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

Software company Citrix has released security updates for vulnerabilities in NetScaler Gateway and NetScaler ADC, formerly known as Citrix Gateway and Citrix ADC. One of the vulnerabilities, with characteristic CVE-2023-4966 , is actively exploited and receives a CVSS score of 9.4. This means that it is a very critical vulnerability. The National Cyber ​​Security Center (NCSC) recently increased the vulnerability to ' High/High '. This means that there is a high chance that this vulnerability will be abused and that the damage could be extensive.

What is going on?

An attacker could exploit the previous vulnerabilities CVE-2023-4966 and CVE-2023-4967 to obtain sensitive information or conduct a denial-of-service attack. Vulnerability CVE-2023-4966 is actively being exploited. This has probably been happening since August. This vulnerability allows an unauthenticated attacker to take over user sessions. The acquired rights can then be used to perform actions on the affected system.

What can you do?

The Digital Trust Center recommends that you install the available security updates as soon as possible if you are using a vulnerable version. Citrix indicates that the following versions are vulnerable:

NetScaler ADC and NetScaler Gateway 14.1 1 to version 14.1-8.50
NetScaler ADC and NetScaler Gateway 13.1 1 to version 13.1-49.15
NetScaler ADC and NetScaler Gateway 13.0 1 to version 13.0-92.19
NetScaler ADC 13.1-FIPS 1 to version 13.1-37. 164
NetScaler ADC 12.1 -FIPS up to version 12.1-55.300
NetScaler ADC 12.1-NDcPP up to version 12.1-55.300

Please note: NetScaler ADC and NetScaler Gateway version 12.1 has End-of-Life status and will therefore not receive security updates. If you are still using this version, it is advisable to upgrade it to a supported version as soon as possible.

This vulnerability was exploited before Citrix made security updates available, so it is important to be extra vigilant on compromised systems. 

If you are unsure whether you are using a vulnerable version of Citrix NetScaler ADC or NetScaler Gateway, please contact your IT service provider.

You can find more information about the vulnerability on the Citrix website. Mandiant also paid attention to the vulnerability in a blog, in which they, among other things, provide additional trading perspectives.

was developed National Digital Infrastructure Inspectorate in close coordination with the relevant ministries and supervisors Anyone who completes the self-evaluation will know whether their organization falls under the NIS2 guideline. It also becomes clear whether the organization is seen as 'essential' or 'important' for the functioning of society and/or the economy according to the NIS2 guideline.

View the NIS2 self-assessment tool to determine whether your organization falls under the NIS2 guideline.

What is the NIS2 guideline?

The NIS2 is a European guideline that is currently being translated into national legislation, under the coordination of the Ministry of Justice and Security and in collaboration with the relevant ministries. On the What will the NIS2 guideline mean for your organization you can find more information about the reason and content of this guideline.

Why was the self-evaluation tool developed?

The NIS2 guideline must be translated into national legislation by the end of 2024, which will then apply to all organizations that are considered 'essential' or 'important' according to the guideline. This means that these organizations still have another year to prepare for the obligations of the upcoming legislation. That is why the RDI has developed the self-evaluation tool, so that organizations can already estimate whether they will have to comply with the new rules.  

Draft legal texts will soon be available for internet consultation

The internet consultation will start soon, which will give organizations the opportunity to respond to the draft legal texts resulting from the NIS2 directive. This also gives organizations more insight into what is expected of them if they have to comply with the law by the end of 2024. When this internet consultation is announced, the central government will also provide information and guidance to get started with preparations for the upcoming legislation.

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for self-employed persons and SMEs .

Secure digital business

As an entrepreneur or security manager, would you like to receive notifications of serious cyber threats to companies in your mailbox? Then join the DTC Community .
To support entrepreneurs, there is also a wide range of cybersecurity information and a toolbox with cyber tools . Want to test whether you already have the basics in order? Take the CyberSafe Check for SMEs and self-employed persons .