Britta Zurborn

Greenbone Networks GmbH is now Greenbone AG

Osnabrück, March 8, 2023 – Our transformation from Greenbone Networks GmbH into the Greenbone AG was completed today by entry into the commercial register (HR B 218768) and is thus effective.

We have taken the next big step and become an AG. Why did we take this step? Our former managing director and also new CEO, Dr. Jan-Oliver Wagner, explains it like this:

“The conversion to a stock corporation is a pioneering step into the future for us. It is the result of the strong and self-financed growth of the past years into an established and industry-leading medium-sized company. With this step, we are simplifying the further development and expansion of our business relationships at home and abroad.”

Our board consists of two people, the second is Elmar Geese, who is already responsible for Greenbone’s marketing today:

“With our products for intelligent vulnerability management, we have the potential to evolve from a market leader in the open source sector to an even much stronger player. With our new positioning, and also with new products, we want to take this next big step.”

Dr. Jan-Oliver Wagner, CEO und Mitbegründer von Greenbone

Dr. Jan-Oliver Wagner, CEO

Elmar Geese, CIO und CMO

Elmar Geese, CMO/CIO

About Greenbone AG

Greenbone products identify security gaps, assess their risk potential and recommend measures for remediation. In this way, vulnerabilities are uncovered before they can cause damage.
Further information about Greenbone, its products, the topic of cyber security, and current vulnerabilities can be found here.

Media Contact
Britta Zurborn
britta.zurborn@greenbone.net


Contact Free Trial Buy Here Back to Overview

/by
Markus Feilner

German BSI warns of vulnerability in VMware ESXi

A new wave of ransomware attacks has been threatening numerous servers in Europe. The attacks focus on the hypervisors in VMware’s virtualization server ESXi.
Patches are available, Greenbone’s products can protect and help to find the vulnerability.

The German BSI explicitly warns of the vulnerability and in its latest information on the security situation speaks of thousands of servers and a worldwide threat with a focus on Europe, the U.S. and Canada, using a vulnerability that the manufacturer already patched almost two years ago: (CVE-2021-21974).

Not only VMWare servers themselves at risk

According to IT security portal Hackernews, French provider OVHcloud has confirmed the open source implementation of the IETF Service Location Protocol (OpenSLP) as an entry point.

The threat to IT systems in this case is classified as business-critical – a successful attack with ransomware can therefore cause massive disruptions to regular operations. What is particularly serious about attacks of this type is that under certain circumstances not only institutions that use VMware ESXi themselves are affected, but also third parties – for example, via the server systems hosted in VMware virtualization.

France, Italy, Finland, Canada and the U.S.

Suspicions that European organizations and institutions were the main focus of attackers in the latest wave of attacks were also confirmed a few days later, when the Italian National Cybersecurity Agency ACN warned of the vulnerabilities and a “large-scale wave of attacks.” A Reuters report also speaks of attacks in Finland and the United States.

Users can protect themselves, however: The manufacturer VMware advises upgrading to the latest version of its software – and installing the patch. In general, systems like Greenbone Vulnerability Management help prevent such intrusions by finding the unpatched gaps and proactively warning administrators in reports.

Checking with the Greenbone Cloud

Installation of the VMware patch is free, as is an audit of their systems with the Greenbone Cloud Service Trial. In general, administrators should always ensure that all backups are secured against ransomware and examine log files for suspicious system access – the BSI lists six questions on the checklist in its warning that every administrator should ask themselves now.


Contact Free Trial Buy Here Back to Overview

/by
Markus Feilner

More Docker compliance tests in Greenbones Vulnerability Management

For almost two years, Greenbone has been adding more and more tests from the recommendations of the Center for Internet Security (CIS) in its security feed. Among the newest ones are benchmarks for the container management solution Docker.

Docker is one of the most common container technologies in enterprise environments. Its increasing popularity within DevOps circles, ease-of-use and flexibility made it popular among developers and DevOPS. Therefore, the CIS is providing benchmark tests for configuration compliance in Docker environments which are „intended for system and application administrators, security specialists, auditors, help desk, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that incorporate Docker“ – and Greenbone is happy to integrate these tests in its vulnerability management products.

Testing Docker environments for Vulnerabilities

The CIS benchmarks (more than 140 as of 2023) contain guidance on best practices for configuring IT systems, networks, and software. They are created together with developers, subject matter experts and companies in enterprise Docker environments and have become the reference for compliance testing regarding cybersecurity. The CIS benchmarks come in seven groups, (Operating System, Server Software, Cloud Provider Benchmarks, Mobile Device, Network Device, Desktop Software, Multi-Function Print Device), of which the Docker tests reside in the Server section. Greenbone has been supporting Docker for a while, continuously updating the tests.

Greenbone has been supporting CIS benchmarks for years

Since 2021, Greenbone has been integrating and continuously expanding CIS benchmarks in its products – now integrating the docker compliance benchmarks for Docker systems newer than Docker 1.4. All tests are combined by Greenbone into scan configurations and added to the Greenbone Enterprise Feed. The Greenbone product will run the set of tests on a target system, checking configuration and other settings, for example file permissions. Having done so, it returns a report with mitigation strategies to the administrator who can then adapt his systems to the recommendations for security compliance.

Certified by CIS

As a member CIS consortium Greenbone is continuously expanding its CIS Benchmark scan configurations – right now, for example, Greenbone is working on Kubernetes integration. Like all compliance policies developed by Greenbone on the basis of CIS Benchmarks, the latest ones are certified by CIS – this means maximum security when it comes to auditing a system according to CIS hardening recommendations. This not only simplifies the preparation of audits, important criteria can be checked in advance with a scan by a Greenbone product and, if necessary, any weaknesses found can be remedied before problems arise.


Contact Free Trial Buy Here Back to Overview

/by