Tag Archive for: Cyber Resilience

Greenbone AG

Greenbone Reduces the Blast Radius of a Cyber Breach

Cyber attacks, like other types of security incidents, range dramatically in scope and impact. When defenders are prepared, an incident may be contained, damage limited, and recovery swift. When caught unprepared, a single incident may result in days or weeks of downtime, lost revenue, tarnished reputation, regulatory penalties or class action settlements [1][2]. In May 2024, Change Healthcare forecasted an expected loss of 1.6 billion Dollar. As of January 2025, the total cost of the Change Healthcare ransomware attack has reached almost 3 billion Dollar [3][4].

The totality of damage caused by an IT security breach, known as the “blast radius”, depends on many factors. These factors include whether vulnerabilities are being managed, if a defense in depth approach to cybersecurity has been applied, network segmentation, effective backup strategies and more. Negligent security hygiene is an open invitation to attackers, resulting in more costly outcomes like extensive data theft, ransomware extortion and even destructive wiper attacks used for industrial sabotage. A recent report found that once inside a network, attackers now deploy ransomware within 48 minutes on average and CVE disclosures are being weaponized into exploits within 18 days.

This article explores the concept of a cyber attack “blast radius” and the role that effective Vulnerability Management plays in containing the fallout from cyber intrusions. With the right controls in place, the damage from a cyber breach can be minimized and worst-case outcomes prevented

What is the “Blast Radius” of a Cyber Breach?

The term “blast radius” is military jargon referring to the physical area damaged by an exploding bomb. In digital systems, the term similarly refers to the extent of damage caused by a cyber attack. How many systems did an attacker compromise? Were they able to subsequently compromise critical systems after initial access? Did they breach adjacent networks or cloud assets?

Far-reaching damage is not a foregone conclusion when hackers gain initial access. Defenders can effectively cut off the attack at an early stage, preventing malicious actors from achieving their ultimate objectives or causing far reaching damage.

The Consequences of a Bigger Blast Radius

While forfeiting unauthorized access to an adversary is bad, it’s the subsequent stages of an attack that keeps IT security managers up at night. The latter stages of a cyber breach such as installing malware on critical assets, exfiltrating sensitive data, or encrypting files have the most profound implications for organizations. As blast radius increases, it is much more likely that an organization will experience a significantly negative impact.

Increased blast radius can result in:

  • Longer “Dwell Time”: Lateral movement and persistence techniques can allow attackers to remain undetected for extended periods, gathering intelligence and preparing subsequent attacks.
  • Increased financial losses: Service disruptions and ransomware attacks contribute to higher financial losses, lost revenue from downtime, risk of regulatory penalties and erode business relationships.
  • Increased operational downtime: The impact of operational downtime can reverberate across an organization causing delays, frustration and desynchronizing operations.
  • Loss of sensitive data: Attackers seek to exfiltrate sensitive data to support espionage campaigns or extort victims into paying ransom.
  • Compromised trust: Unauthorized access to messaging systems or third-party assets can erode trust among stakeholders, including customers, employees and business partners.

Greenbone Reduces the Blast Radius of a Cyber Breach

Vulnerability Management is a powerful factor in reducing the so-called “blast radius”. Effective mitigation of security gaps can leave an adversary with no easily accessible means to extend their initial foothold. Vulnerability management is most efficiently and effectively implemented by automatically scanning for security weaknesses throughout a network infrastructure and remediating the attack surface. In doing so, organizations can greatly reduce the potential blast radius of a successful cyber attack and also reduce probability of being breached in the first place.

Threat Mapping helps IT security teams understand their attack surfaces, the locations where adversaries may be able to enter a network. Greenbone’s core capabilities support Threat Mapping efforts with system and service discovery scans and by scanning both network and host attack surfaces allowing defenders to reduce their attack surface by 99%. Furthermore, Greenbone provides real-time reporting and alerts to keep security teams informed of emerging threats, enabling a proactive cybersecurity posture and timely remediation. This proactive, layered approach to cybersecurity reduces the potential blast radius and results in better security outcomes. Defenders are afforded more time to detect an attacker’s presence and eliminate it before catastrophic damage can be done.

The Strongest Defenses with Greenbone Enterprise Feed

The strongest defenses come from Greenbone’s industry leading Enterprise Vulnerability Feed. In total, the Greenbone Enterprise Feed has approximately 180,000 vulnerability tests and counting which can detect both general security compliance weaknesses and application specific vulnerabilities. Our Enterprise Feed adds hundreds of new tests each week to detect the newest emerging threats.

Here is a list of IT assets that Greenbone is designed to scan:

  • Internal network infrastructure: Scanning internal network devices with any type of exposed service, such as databases, file shares, SNMP enabled devices, firewalls, routers, VPN gateways and more.
  • On-premises and cloud servers: Attesting server configurations to ensure compliance with security policies and standards.
  • Workstations: Greenbone scans workstations and other endpoints across all major operating system (Windows, Linux, and macOS) to identify the presence of known software vulnerabilities attesting compliance with cybersecurity standards like CIS Benchmark
  • IoT and peripheral devices: IoT and peripheral devices, such as printers, use the same network protocols for communication as other network services. This allows them to be easily scanned for device and application specific vulnerabilities and common misconfigurations similarly to other network endpoints.

Reducing Network Attack Surface

Network attack surface consists of exposed network services, APIs and websites within an organization’s internal network environment and public facing infrastructure. To scan network attack surfaces, Greenbone builds an inventory of endpoints and listening services within target IP range(s) or a list of hostnames, then scans for known vulnerabilities.

Greenbone’s network vulnerability tests (NVTs) consist of version checks and active checks. Version checks query the service for a version string and then compare it for matching CVEs. Active checks use network protocols to interact with the exposed service to verify whether known exploit techniques are effective. These active checks use the same network communication techniques as real world cyber attacks, but do not seek to exploit the vulnerability. Instead, they simply notify the security team that a particular attack is possible. Anything an attacker can reach via the internet or local network, Greenbone can scan for vulnerabilities.

Reducing Host Attack Surface

Host attack surface is the software and configurations within individual systems that cannot be accessed directly via the network. Reducing the host attack surface minimizes what an attacker can do with initial access. Greenbone’s authenticated scans conduct Local Security Checks (LSC) to assess a system’s internal components for known weaknesses and non-compliant configurations that could allow attackers to escalate their privilege level, access sensitive information, install additional malware or move laterally to other systems.

Greenbone’s Enterprise Feed includes families of LSC for each major operating system including Ubuntu, Debian, Fedora, Red Hat, Huawei, SuSE Linux distributions, Microsoft Windows, macOS and many more.

Post-Breach Tactics: the Second Stage of Cyber Intrusions

Once attackers gain a foothold within a victim’s network, they engage in secondary exploitation techniques to deepen their access and achieve their objectives. In the modern cybercrime ecosystem, Initial Access Brokers (IABs) specialize in gaining unauthorized access. IABs then sell this access to other cybercriminal groups that specialize in second-stage attack tactics such as deploying ransomware or data theft. Similar to breaching the walls of a fortress, after initial access, an organization’s internal network becomes more accessible to attackers.

Some tactics used during the second stage of cyber attack include:

  • Privilege escalation [TA0004]: Attackers seek ways to elevate their access rights, allowing them access to more sensitive data or to execute administrative actions.
  • Lateral movement [TA0008]: Attackers compromise other systems within the victim’s network, extending their access to high-value resources.
  • Persistent remote access [TA0028]: Creating new accounts, deploying backdoors or using compromised credentials, attackers seek to maintain their access even if the initial vulnerability is remediated or their presence is detected.
  • Credential theft [TA0006]: Stolen sensitive data can be processed offline by attackers attempting to crack passwords, break into protected resources or plan social engineering attacks.
  • Accessing messaging systems [T1636]: Accessing organizational messaging platforms or collaboration tools gives access to sensitive information which can be used to conduct social engineering attacks such as spear phishing, even targeting external partners or customers.
  • Encryption for impact [T1486]: Identifying critical assets, financially motivated adversaries seek to maximize impact by deploying ransomware and extorting the victim to return access to the encrypted data.
  • Data exfiltration [TA0010]: Downloading a victim’s sensitive data can be used for espionage and also gives attackers leverage to extort victims into paying to not release it publicly.
  • Denial of Service attacks [T0814]: Service disruption can be used for further extortion or as a distraction to execute other attacks within the victim’s network.

Summary

Blast radius refers to the scope of damage that an adversary imposes during a cyber attack. As attacks progress, adversaries seek to penetrate deeper, gaining access to more sensitive systems and data. Lack of cyber hygiene gives attackers free reign to steal data, deploy ransomware and cause service disruptions and complicates detection and recovery. Minimizing attack surface is crucial for reducing the potential impact of a cyber breach and helps ensure a better security outcome.

Greenbone’s core contribution to cybersecurity is to increase security visibility in real-time, alerting defenders to vulnerabilities and giving them the opportunity to close security gaps, preventing hackers from exploiting them. This includes both network attack surface: public-facing assets, internal network infrastructure, cloud assets and host attack surface: internal software applications, packages and common misconfigurations.

By delivering industry-leading vulnerability detection, Greenbone empowers real-time threat visibility, empowering defenders to proactively ensure that adversaries are decisively neutralized.

Contact Test Now Buy Here Back to Overview

/by
Greenbone AG

Availability of CVE Vulnerability Data in Greenbone Products

Greenbone AG has been consistently committed to an independent and resilient supply chain for the provision of vulnerability data for many years. Against the background of current discussions on the financing and sustainability of the CVE programme of the US organisation MITRE, we would like to inform you about our measures to ensure the continuous provision of important information about vulnerabilities in IT systems.

Since 1999, the CVE system has formed the central basis for the clear identification and classification of security vulnerabilities in IT. Funding for the central CVE database is currently secured by the US government until April 2026. Against this background, Greenbone took structural measures at an early stage to become less dependent on individual data sources.

With our OPENVAS brand, Greenbone is one of the world’s leading open source providers in the IT security ecosystem. We make an active contribution to the development of sustainable, decentralised infrastructures for the provision of vulnerability information – and are already focusing on future-proof concepts that effectively protect our customers from security risks.

Our sovereign data approach includes the following measures, among others:

  • Broad source diversification: Our Systems and our security research team monitor a large number of international information sources in order to be able to react promptly to new threats independently of the official CVE process – even if there is no official CVE entry yet.
  • Integration of alternative databases: We integrate independent vulnerability catalogues such as the European Vulnerability Database (EUVD) into our systems in order to create a stable and geographically diversified information basis.
  • Promotion of open standards: We actively support the dissemination of the CSAF standard (Common Security Advisory Framework), which enables the decentralised and federated distribution of vulnerability information.

These measures ensure that our customers retain unrestricted access to up-to-date vulnerability information, even in the event of changes in the international data ecosystem. This ensures that your IT systems remain fully protected in the future.

Greenbone stands for independent, sovereign and future-proof weak-point supply – even in a changing geopolitical environment.

Contact Test Now Buy Here Back to Overview

/by
Greenbone AG

Intuitive and Clear: Complete Overview of the Security Situation of Your IT Infrastructure – for all Decision-Making Levels

Our newly developed product OPENVAS REPORT integrates the data from practically any number of Greenbone Enterprise Appliances and brings it into a clearly structured dashboard. The user-friendly and comprehensive interface considerably simplifies the protection and safeguarding of even large networks.

Greenbone AG has been developing leading open source technologies for automated vulnerability management since 2008. More than 100,000 installations worldwide rely on the Greenbone community and enterprise editions to strengthen their cyber resilience.

“OPENVAS REPORT stands for innovation from the open source market leader.”

With our new product, we are decisively shortening the path from current security knowledge to the ability to act – faster, clearer and more flexible than ever before,” explains Dr. Jan-Oliver Wagner, CEO of Greenbone AG.

Recognize Hazardous Situations Faster and More Effectively

To protect your digital infrastructures, it is crucial to keep up to date with security-relevant events and to keep the response time to critical incidents as short as possible.

OPENVAS REPORT provides a daily updated, complete overview of the security situation of your IT infrastructure – for all decision-making levels.

Thanks to the connected Greenbone Enterprise Appliances, OPENVAS REPORT automatically recognizes computers and software in the company. Users can mark these with keywords and group and sort them as required – thus maintaining an overview even in very large networks.

Modern, User-friendly Dashboard

The OPENVAS REPORT Dashboard offers modern, user-friendly and highly flexible access for users who work with it on a daily basis. For example, filtering or sorting according to the general severity or specific risk of the vulnerabilities is possible. Companies can thus put together their own customized views, which always show an up-to-date picture of the risk situation in the company network.

Complete Overview

OPENVAS REPORT allows you to record and evaluate your company’s security situation at a glance. Thanks to its simple, clear user guidance, it prepares even the most complex data in a readable and understandable way, thus speeding up decision-making in critical situations.

With flexible and customizable filter options, OPENVAS REPORT considerably simplifies the day-to-day work of administrators and security officers.

Flexible Interfaces

The extensive export functions allow OPENVAS REPORT to be integrated even more deeply into the infrastructure, for example to process external data with OPENVAS REPORT.

Function Added value for your company
Comprehensive asset visibility Complete overview of all IT assets and their vulnerabilities in a single interface – for a complete assessment of your current security situation.
User-friendly dashboards A clearly structured, interactive dashboard makes complex vulnerability information understandable at a glance and accelerates well-founded decisions.
Flexible data processing A wide range of export, API and automation options can be seamlessly integrated into existing workflows and adapted to individual operational requirements.
Efficient data consolidation Aggregates results from multiple scanners and locations in a central database – reduces administrative effort and improves response time.
Customizable classification of vulnerabilities The severity levels and freely definable tags make it possible to precisely map internal compliance and risk models.
Extended reporting functions Target group-specific reports (C-Level, Audit, Operations) can be generated at the touch of a button: filters and drill-down links provide focused insights into critical security problems.

Learn More

Are you interested in a demo or a quote? Contact our sales team and find out more about OPENVAS REPORT. Write to us:sales@greenbone.net or contact us directly. We will be happy to help you!

Contact Test Now Buy Here Back to Overview

/by
Markus Feilner

Dennis-Kenji Kipker about the future of NIS2 in Germany and Europe

With the new elections, the implementation of NIS2 in Germany appears to have been halted for the time being. While other European countries are already ready, German companies will have to wait several more months until legal certainty is established. Everything has actually been said, templates have been drawn up, but the change of government means a new start is necessary.

We spoke to one of the leading experts on NIS2: Dennis-Kenji Kipker is Scientific Director of the cyberintelligence.institute in Frankfurt/Main, professor at the Riga Graduate School of Law and regularly consults as an expert at the German Federal Office for Information Security (BSI) and many other public and scientific institutions.

Why did the German government reject the final NIS2 draft?

Portrait of Prof. Dr. Dennis-Kenji Kipker, expert in IT law and cyber security, in an interview on the implementation of the NIS2 Directive

Prof. Dr. Dennis-Kenji Kipker

Kipker: This is due to the so-called discontinuity principle. Just like with the old government, all unfinished projects must be archived. “Due to the early elections, the parliamentary procedure for the NIS2UmsuCG could not be completed” is the official term. In line with the principle of discontinuity, when a newly elected Bundestag is constituted, all bills not yet passed by the old Bundestag must be reintroduced and renegotiated. This means that the work already done on NIS2 will fall by the wayside. But you can of course build on this and reintroduce almost the same text.

Will that happen?

Kipker: There is an internal 100-day plan from the Federal Ministry of the Interior for the period after the election. According to rumors, cybersecurity is a very high priority in the plan, and NIS2 in particular is now to be implemented very quickly. If this can be implemented before fall/winter 2025 (the actual current schedule), Germany will at least avoid the embarrassment of bringing up the rear in Europe.

Is that realistic?

Kipker: You would have to recycle a lot, i.e. take over things from the last legislative period despite the principle of discontinuity. Now, it seems that the current Ministry of the Interior wants to do just that. Only the politicians and officials directly involved know whether this is realistic. However, 100 days seems very ambitious to me in the Berlin political scene, even if everyone involved pulls together. There would need to be a budget, the current NIS2UmsuCG draft would need to be revised and addressed but also finalized, and the German scope of application of the law would need to be clarified and aligned with EU law. Furthermore, at the end of 2024 and the beginning of 2025, attempts were still being made to push through many things in the Bundestag after the expert hearing on NIS2, some of which are rather questionable. In any case, this would have to be renegotiated politically and evaluated technically.

When do you think this will happen?

Kipker: It’s hard to say, but even if you break the 100-day deadline, it should be feasible to complete a national NIS2 implementation before the winter of 2025/2026. But that’s just a very preliminary assumption that I keep hearing from “usually well-informed circles”. One way or another, we will be at the bottom of the league when it comes to Europe-wide implementation, and all the current ambitions won’t change that.

And what is the situation like in other European countries?

Kipker: A lot is happening right now. It has been recognized, for example, that the different national implementations of NIS2 lead to frictional losses and additional costs for the affected companies – that’s not really surprising. A few weeks ago, the European Union Agency For Cybersecurity (ENISA) published a report that is well worth reading, which explains and evaluates the maturity and criticality of relevant NIS2 sectors in a European comparison. “NIS360 is intended to support Member States and national authorities in identifying gaps and prioritizing resources”, writes the EU cybersecurity authority. And we at cyberintelligence.institute have produced a comprehensive study on behalf of the Swiss company Asea Brown Boveri, which also takes a closer look at the EU-wide implementation of the NIS2 directive.

What key insight did you gain there?

Kipker: The Comparison Report is primarily aimed at transnationally operating companies that are looking for a first point of contact for cybersecurity compliance. Above all, there is a lack of central administrative responsibilities in the sense of a “one-stop store”, and the diverging implementation deadlines are causing problems for companies. As of the end of January, only nine EU states had transposed NIS2 into national law, while the legislative process had not yet been completed in 18 other states. Another key insight: Just because I am NIS2-compliant in one EU member state does not necessarily mean that this also applies to another member state.

So, Germany may not be a pioneer, but it is not lagging behind either?

Kipker: We are definitely not at the forefront, but if we manage to implement it nationally this year, we may not be the last, but we will be among the last. My guess in this respect now is that we won’t have really reliable results until the fourth quarter of 2025. So, it’s going to be close to avoid being left in the red after all. Politicians will have to decide whether this can meet our requirements in terms of cyber security and digital resilience.

Where can affected companies find out about the current status?

Kipker: There are ongoing events and opportunities for participation. On March 18, for example, there will be a BSI information event (in German language) where you can ask about the plans. Then, in May 2025, there will also be the NIS-2 Congress right next door to us in Frankfurt, for which the “most recognized NIS-2 Community Leader” has just been selected. There will certainly be one or two interesting tidbits of information to pick up here. Otherwise, feel free to contact me at any time if you have any questions about NIS2!

Contact Test Now Buy Here Back to Overview

/by
Markus Feilner

NIS2: Implementation Delayed but Stay on Course

While the German government has yet to implement the necessary adjustments for the NIS2 directive, organizations shouldn’t lose momentum. Although the enforcement is now expected in Spring 2025 instead of October 2024, the core requirements remain unchanged. While there remains a lot of work for companies, especially operators of critical infrastructure, most of it is clear and well-defined. Organizations must still focus on robust vulnerability management, such as that offered by Greenbone.

Missed Deadlines and the Need for Action

Initially, Germany was supposed to introduce the NIS2 compliance law by October 17, 2024, but the latest drafts failed to gain approval, and even the Ministry of the Interior does not anticipate a timely implementation. If the parliamentary process proceeds swiftly, the law could take effect by Q1 2025, the Ministry announced.

A recent study by techconsult (only in German), commissioned by Plusnet, reveals that while 67% of companies expect cyberattacks to increase, many of them still lack full compliance. NIS2 mandates robust security measures, regular risk assessments and rapid response to incidents. Organizations must report security breaches within 24 hours and deploy advanced detection systems, especially those already covered under the previous NIS1 framework.

Increased Security Budgets and Challenges

84% of organizations plan to increase their security spending, with larger enterprises projecting up to a 12% rise. Yet only 29% have fully implemented the necessary measures, citing workforce shortages and lack of awareness as key obstacles. The upcoming NIS2 directive presents not only a compliance challenge but also an opportunity to strengthen cyber resilience and gain customer trust. Therefore, 34% of organizations will invest in vulnerability management in the future.

Despite clear directives from the EU, political delays are undermining the urgency. The Bundesrechnungshof and other institutions have criticized the proposed exemptions for government agencies, which could weaken overall cybersecurity efforts. Meanwhile, the healthcare sector faces its own set of challenges, with some facilities granted extended transition periods until 2030.

Invest now to Stay Ahead

Latest since the NIS2 regulations impend, businesses are aware of the risks and are willing to invest in their security infrastructure. As government action lags, companies must take proactive measures. Effective vulnerability management solutions, like those provided by Greenbone, are critical to maintaining compliance and security.

Contact Test Now Buy Here Back to Overview

/by
Greenbone AG

Vulnerability management in 12 minutes

Why is Greenbone not a security provider like any other? How did Greenbone come about and what impact does Greenbone’s long history have on the quality of its vulnerability scanners and the security of its customers? The new video “Demystify Greenbone” provides answers to these questions in an twelve-minute overview. It shows why experts need […]

Read more
/by
Markus Feilner

Protection of Office Suites: Greenbone Integrates Additional BSI Basic and CIS Guidelines

The IT-Grundschutz-Compendium of the Federal Office for Information Security (BSI) has, in recent years, provided clear guidelines for users of Microsoft Office. Since April 2024, Greenbone’s enterprise products have integrated tests to verify whether a company is implementing these instructions. The BSI guidelines are aligned with the Center for Internet Security (CIS) guidelines.

In the section “APP:Applications 1.1. Office Products” the BSI specifies the “requirements for the functionality of Office product components.” The goal is to protect the data processed and used by the Office software. While Microsoft Office is likely the primary reference due to its widespread market penetration, the model behind the BSI guidelines aims to apply to any office product “that is locally installed and used to view, edit, or create documents, excluding email applications.”

BSI Guidelines

The module explicitly builds on the requirements of the “APP.6 General Software” component and refers to the modules “APP.5.3 General Email Client,” “APP.4.3 Relational Databases,” and “OPS.2.2 Cloud Usage,” although it expressly does not consider these.

The BSI identifies three main threats to Office suites:

  • Lack of customization of Office products to the institution’s needs
  • Malicious content in Office documents
  • Loss of integrity of Office documents

The components listed in the BSI IT-Grundschutz-Compendium include 16 points, some of which have since been removed. Greenbone has developed several hundred tests, primarily addressing five of the basic requirements, including “Secure opening of documents from external sources” (APP.1.1. A3) and “Use of encryption and digital signatures” listed in APP.1.1. A15. The BSI specifies:

“All documents obtained from external sources MUST be checked for malware before being opened. All file formats deemed problematic and all unnecessary within the institution MUST be banned. If possible, they SHOULD be blocked. Technical measures SHOULD enforce that documents from external sources are checked.”

Regarding encryption, it states: “Data with increased protection requirements SHOULD only be stored or transmitted in encrypted form. Before using an encryption method integrated into an Office product, it SHOULD be checked whether it offers sufficient protection. Additionally, a method SHOULD be used that allows macros and documents to be digitally signed.”

CIS Guidelines Enhance Basic Protection

In addition to the requirements listed in the BSI Basic Protection Manual, the CIS Benchmark from the Center for Internet Security (CIS) for Microsoft Office includes further and more specific suggestions for securing Microsoft products. The CIS guidelines are developed by a community of security experts and represent a consensus-based best practice collection for Microsoft Office.

As one of the first and only vulnerability management providers, Greenbone now offers tests on security-relevant features mentioned in the CIS guidelines, uniting CIS and BSI instructions in numerous, sometimes in-depth tests, such as on ActiveX Control Initialization in Microsoft Office. The Greenbone Vulnerability Management tests whether this switch is set to “enabled”, but also many other settings, for example, whether “Always prevent untrusted Microsoft Query files from opening” is set to “Enabled” among many others.

Many tests focus on external content, integrating macros, and whether and how these external contents are signed, verifiable, and thus trustworthy or not, and whether administrators have done their homework in configuring Microsoft Office. According to the BSI, one of the most significant threats (and the first mentioned) is the lack of adaptation of Office products to the reality and the business processes in the company. Greenbone’s new tests ensure efficient compliance with regulations, making it harder for attackers and malware to establish a foothold and cause damage in the company.

Contact Test Now Buy Here Back to Overview

/by
Greenbone AG

PITS 2024 Public IT Security

Save the date: The “German Congress for IT and Cyber Security in Government and Administration” (June 12 to 13, 2024) provides information on current trends, strategies and solutions in IT security.

In the main program: “IT support for early crisis detection” (Moderation: Dr. Eva-Charlotte Proll, Editor-in-Chief and Publisher, Behörden Spiegel).

Participants:

  • Dr. Jan-Oliver Wagner, Chief Executive Officer Greenbone
  • Carsten Meywirth, Head of the Cybercrime Division, Federal Criminal Police Office
  • Generalmajor Dr. Michael Färber, Head of Planning and Digitization, Cyber & Information Space Command
  • Katrin Giebel, Branch Manager, VITAKO Bundesverband kommunaler IT-Dienstleister e.V.
  • Dr. Dirk Häger, Head of the Operational Cybersecurity Department, Federal Office for Information Security (BSI)

Where? Berlin, Hotel Adlon Kempinski, Unter den Linden 77
When? 13.06.2024; 9:40 a.m.

Vulnerabilities in IT systems are increasingly being exploited by malicious attackers. You can protect your IT systems with vulnerability management. Visit us in our lounge at stand 44 – we look forward to seeing you!

Registration: https://www.public-it-security.de/anmeldung/

Contact Test Now Buy Here Back to Overview

/by
Greenbone AG

The Confluence of Open Source and Cybersecurity in companies: Insights from Greenbone at #OSXP2023 in Paris

International panel discussion on effective cybersecurity at #OSXP2023

At the esteemed #OSXP2023 event, that took place in Paris, our participation in the “Cybersécurité et open source” roundtable brought forward critical discussions on improving cybersecurity in companies. The panel, including distinguished experts from the academic and governmental sectors, delved into strategies and points of vigilance essential for robust cybersecurity.

Panel discussion at the Open Source Experience 2023 in Paris on 'Cybersécurité et open source' with international experts and audience.

1. The Mindset of Security

Security by Design: A Leadership Commitment

  • The panel emphasized the importance of incorporating security from the initial stages of development. This approach requires a commitment from the top management to prioritize security in all business operations.

A Mentality Focused on Secure and Protected Solutions

  • Companies must cultivate a culture where security is an integral part of the thinking process, aiming to deliver solutions that are inherently secure and protected.

2. Implementing Key Processes

Adherence to Standards and Automation

  • The importance of adhering to established cybersecurity standards was underscored, with a recommendation to automate processes wherever possible to ensure consistency and efficiency.

No Deployment Without Security Compliance

  • It was strongly advised that no deployments or actions should proceed without meeting the necessary security requirements.

3. Resources: Empowering Teams and Enhancing Vigilance

Dedicated Security Teams and Training

  • Having specialized security teams and conducting regular training sessions were identified as crucial for maintaining a high level of security awareness and preparedness.

Vigilance as a Continuous Effort

  • Continuous vigilance was highlighted as a key resource, ensuring that security measures are always up-to-date and effective.

4. Essential Tools and Technologies

Mandatory Multi-Factor Authentication (MFA)

  • Implementing MFA as a compulsory measure we recommend enhancing account security significantly.

Vulnerability Scanners and Dependance Management

  • Utilizing vulnerability scanners and managing dependencies and configurations were suggested as vital tools. While platforms like GitHub Enterprise may be costly, they offer comprehensive solutions for these needs.

Conclusion: Education, Awareness, and the Use of Open-Source Tools

In conclusion, the panel at #OSXP2023, including our expert Corentin Bardin, a cyber security specialist and pen tester, highlighted the importance of continuous education and staying updated in the rapidly evolving cybersecurity landscape. They advocated for the use of open-source tools to bolster security measures.

The key takeaway from the discussion is the commitment to offering secure services. It’s not just about the tools and processes; it’s about the mindset and ongoing effort to stay vigilant and informed.


Contact Free Trial Buy Here Back to Overview

/by
Elmar Geese

Supposedly pro-Russian hackers try to exploit Sharepoint vulnerability

Update from 2023-12-06:

Last week, we reported on pro-Russian hacktivists scanning for vulnerable SharePoint Servers to exploit a critical vulnerability (CVE-2023-29357).

New findings suggest that the group, calling themselves “Zarya”, is undertaking various exploit-attempts, including directory traversal and targeting specific vulnerabilities in systems such as OpenWRT-Routers. The IP address 212.113.106.100, associated with these activities, has been observed in several different exploit attempts. In addition to simple reconnaissance, specific attacks on configuration files and Admin-APIs have been detected. This case re-emphasizes the importance of securing systems against such threats and shows, how unprotected or poorly configured systems can become targets of such attacks.

A critical vulnerability for Sharepoint (CVE-2023-29357), is being targeted by presumably pro-Russian attackers who are trying to exploit this vulnerability.

The Internet Storm Center has discovered corresponding activity on its honeypots. The severity for this vulnerability is critical (a score of 9.8 out of 10), and the attack complexity is very low, making this vulnerability particularly dangerous. Greenbone customers can benefit from the automatic detection of this vulnerability in our Enterprise Feed. Microsoft offers a security update since June 12, 2023, Microsoft customers who missed the update should install it now.


Contact Free Trial Buy Here Back to Overview

/by