This article provides an update on how Schuberg Philis has handled this Log4J vulnerability and shares our perspective on what’s to come. While the situation in the Netherlands has been quiet so far, globally we’ve already seen the first signs of serious attacks making use of Log4Shell. Detailed guides are…

The Log4J vulnerability has commanded our full attention. This appears to be the biggest security event we have had to face yet. Why? Like sugar, Log4j is everywhere. Even hidden in products you didn’t expect it in. And when abused, there’s nothing healthy about it. What’s going on In simple…

Een veiligheidscultuur wel. — Op 10 juni verscheen in Trouw dit bericht met oorspronkelijk de titel “Informatiebeveiliger is geen Cyberheld”. In dit bericht haakt economie redacteur Hans Nauta, aan op een onderzoek onder voor de rijksoverheid werkende CISO’s van de Auditdienst Rijk (ADR). Nauta beschrijft de bevindingen uit het rapport in niet mis te…

We are all familiar with IT, short for Information Technology, “the use of computers to store, retrieve, transmit, and manipulate data or information.”[1] Computers are omnipresent in today’s society and are indeed mostly used to process information. However, that’s not the only thing computers are used for, they are increasingly…

Seccubus started with an off-hand remark by my colleague, Anton Opgenoort, that surely it would not be ‘that difficult to put Nessus in a crontab’. Now, 12+ years later I feel that the time has come for me to say goodbye to it. It has become increasingly hard to combine…

As I’m sitting on the plane back from 5 days of AWS, I’m reflecting back on this immersive experience. There is still a lot to process, but I would like to share a few general outlines and observations in this post. More AWSome then IaaS

On day four I got in line for the AWS Security Jam a Capture the flag type AWS security event. It was very interesting and educational to go through all the exercises to secure AWS infrastructure and applications. Unfortunately our team, called The Walk-in, only managed to avoid ending…

Yesterday’s Benelux drinks were a great success, so my day started a little bit later then usual ;)

My second day at re:Invent started with a talk titled “How to Automate Security Learning at Scale”. Unlike what you would expect from the title, this talk wasn’t about applying Machine Learning (ML), but what needs to be done to make the massive amount of data that is coming…