Cyber4Z in short

Cyber4Z started in 2015 with two specialists experienced in the cybersecurity domain. We now have a team with various capabilities in the field of strategic and tactical design of cyber security, IT, Privacy and Blockchain technology.

In addition, we are involved in technical and tactical implementations of complex security challenges that focus on the acceptance of new technologies in a pragmatic way. With our expertise and experience, we can guarantee the business objectives of our clients. These are widely determined by laws and regulations, customer requirements and rules of compliance.

  • Predict

  • Prevent

  • Detect

  • Respond

  • Remediate

Who are we?

Our team consists of certified professionals. Quality is our top priority. The technical and tactical implementations we deliver from the strategic design can be externally certified against the ISO9001, ISO27001, NEN7510 or other standards. Therewith we can have our quality tested externally as well. In addition, we provide operational knowledge when it comes to technical security assessments such as penetration tests, project management, SOC / SIEM propositions with connecting services such as log management, vulnerability and compliance management, patch management, training in the field of privacy, security and blockchain technology.

More about Cyber4Z

Our clients

Monthly cybernote: June 2020

NCSC warns companies about vulnerable VPN software

There has been an increase in the number of scans by state actors for vulnerable VPN software and named SMEs are at risk, the government's National Cyber ​​Security Center (NCSC) warns. "The NCSC has learned from a reliable source that state actors in the Netherlands are still actively scanning for VPN vulnerabilities," the government agency said. This would include the VPN software from Pulse Secure and Fortinet.

According to the NCSC, many organizations have now taken measures to remedy the vulnerabilities in their VPN software. They are SMEs by name that have still not patched their VPN software. This includes brokers, consultancies, producers of goods, construction companies and other suppliers.

The NCSC advises organizations to provide the latest security updates about their VPN software. In case it cannot be established with certainty that attackers have already gained access to the VPN systems, it is recommended to delete all VPN accounts and create them with new passwords and preferably with new usernames. Furthermore, it is indicated to apply two-factor authentication and to check log files.

The NCSC warning is not an isolated one. U.S. Government Cyber ​​Security and Infrastructure Security Agency (CISA) increasingly attacks vulnerabilities in VPN software, primarily in Citrix software (CVE-2019-19781) and Pulse Secure (CVE-) 2019-11510). Last week, the Australian government released an overview of how attackers know how to invade systems. These included known vulnerabilities in Pulse Secure VPN, Fortigate SSL VPN, and Citrix Application Delivery Controller (ADC) / Citrix Gateway.