Exactly which companies are involved has not been disclosed for security reasons. This involves many IT companies, a large hospital and a listed company.
A day after it became known that there was a vulnerability in the VPN connection of provider Pulse Secure, it appears that another provider, Fortigate VPN, is struggling with such problems. With a VPN, employees can, for example, log into the internal network of a company from home. According to Reporter Radio, the leak has not yet been closed and almost nine hundred companies and institutions are at risk.
Exactly which companies are involved has not been disclosed for security reasons. It would concern ‘a striking number of IT companies’, various healthcare institutions, including a large hospital, educational institutions and a listed company. The list also includes companies with which the government does business. The National Cyber Security Center (NCSC) has warned firms and institutions.
Fortigate carried out an update in May to close the leak, but these companies and institutions have not yet installed it. According to Reporter Radio, the vulnerability at Fortigate has been “abused on a large scale worldwide” in recent weeks, but it is not known whether this is the case in the Netherlands.
Schiphol vulnerable
De Volkskrant revealed on Saturday that there was a leak in the VPN from Pulse Secure. The leak was closed, but before that Shell, KLM and Schiphol were vulnerable to visits from people from outside. The systems of the Ministry of Justice and Safety and Air Traffic Control the Netherlands were also unguarded.
The VPN provider discovered the leak in March, after which an update was issued a month later. By the end of August, not all companies had implemented the update, after which Pulse Secure removed the important government institutions from the VPN. Still 140 systems have not been updated.