Home » today » Business » Dutch companies have been hacked, although this could have been reported – Computer – News

Dutch companies have been hacked, although this could have been reported – Computer – News

by

Several Dutch companies have not been informed about a vulnerability and have therefore been hacked. The National Cyber ​​Security Center was informed, but took no action because it was not about vital companies.

At the beginning of this month, a hacker published the credentials of Pulse Secure accounts of more than 900 companies, reported ZDNet. That is business VPN software, which was discovered a leak last year. A patch has been available for a long time, but the affected companies have not installed that update.

The publication also contained VPN login details of various Dutch companies, writes the Financieel Dagblad. According to the newspaper, these include a subsidiary of industry group VDL, data center company ITB2 and wholesaler Coen Bakker Deco, which specializes in Christmas decorations.

After the vulnerability in Pulse Secure was disclosed last year, security researchers, including Matthijs Koot, found hundreds of vulnerable companies in the Netherlands. Koot sent his findings to the NCSC because it was not feasible to approach the companies individually.

The NCSC largely threw away the information, because the government body only looks at companies in vital sectors, such as banks and telecom companies. Koot tells the FD that because of this there are now all kinds of passwords on the street, while that could have been prevented.

A spokesman for the NCSC tells the newspaper that it has done everything ‘within the legal possibilities’ to inform organizations. Organizations ‘outside the legal mandate’ cannot be informed, according to the authority. Koot is angry about this and denounces the NCSC’s passive attitude. He argues that, for example, ransomware attacks on non-vital companies could still infect vital companies.

Koot is affiliated with the Dutch Institute for Vulnerability Disclosure. That initiative was founded late last year with the goal of notifying companies of critical vulnerabilities, but it doesn’t have the resources to call everyone. Reports from foreign researchers also often only reach the NCSC, says the researcher.

The NCSC warned late last year that many Dutch companies were still vulnerable because they used outdated VPN software. However, that was a general warning, the affected companies were not individually informed. The affected companies mentioned by FD have since been notified and have updated their systems.

Related posts:

Quebec Mayors Call for Change in Hostile Political Climate
Judgment against ex-Ganderkeseer: financial intermediary now has to pay himself
Left-wing extremist Lina E. released from custody after serving 2.5 years of 5-year sentence
Debt victims in benefits affair with government agencies forgiven

The court revokes Meroni from possession of property seized in Lemberg’s criminal proceedings

Security researchers release anti Emotet “vaccine” for six months

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.