The ever changing AI powered NextGen security industry
Back in 2022, in an unexpected turn of events, the security industry was confronted with its future self. What followed was an intense discussion with heated back and forths that culminated in an industry that – granted, reluctantly – took a look in the mirror. Better times were promised – rational minds prevailed. But now, […]
The governance of the PQC transition in the EU
This intervention will analyse the aspects of the governance of the PQC transition in the EU. It will explore the relevant provisions in the EU legal acts containing general implicit requirements to adopt PQC (e.g. NIS2, CRA, GDPR, DORA, eIDAS2 and other) and how they are complimented by the various policy documents making specific references […]
Unveiling “Lucid” – A Silent Enabler of Financial Fraud
Unveiling “Lucid” – A Silent Enabler of Financial Fraud Lucid is a rising but under-the-radar Phishing-as-a-Service (PhaaS) platform that’s quietly fueling large-scale financial fraud across the globe. Built by Chinese-speaking threat actors, it supports phishing campaigns targeting over 200 organizations in 80+ countries, enabling cybercriminals to steal payment card data with ease. The group stands […]
Why do we underestimate ourselves in a digital world?
The human factor in cybersecurity is often portrayed as a flaw to be corrected. But in reality, the uniquely human abilities of emotional and informational intelligence—our capacity to read intent, detect manipulation, apply intuition, and judge nuance—are the very strengths we need most. In the rush for AI, automation, and scalable defenses, we risk neglecting […]
Bucket Leaks: From Exposure to Cloud Takeover
With the growing reliance on cloud services for storage and deployment, securing cloud environments has become critically important. Cloud storage solutions like AWS S3, Google Cloud Storage, and Azure Blob Storage are widely used to store vast amounts of data, including sensitive configuration files used in software development. These files often contain secrets such as […]
Researchers vs. Threat Actors in Cloud Attacks
Security researchers push the boundaries of what’s possible. (Nation-state) threat actors push the boundaries of what’s exploitable. In this talk, a cloud security researcher and a threat intelligence analyst team up to explore how cutting-edge cloud attack research is rapidly weaponized by espionage threat groups. We’ll walk through real-world examples where newly published techniques – […]
The Digital Edge in Modern Battlefield Conflict
This presentation explores the evolving role of cyber operations in modern conflict. It discusses cyber’s influence as the “5th domain,” leveraged by Russian aligned actors during the invasion of Ukraine. It delves into the nature of cyber operations, in alignment with kinetic actions. Additionally, highlighting their use in disrupting command and control, targeting critical infrastructure […]
The Attribution Minefield in Ransomware Investigations
Ransomware attacks pose a growing threat to both digital and physical infrastructures. When a ransomware incident occurs, victim organizations often face pressure to restore operations quickly—even if that means paying the ransom. However, payment introduces serious legal and financial risks: if the attacker is a sanctioned entity, making a payment could result in violation of […]
Succes & Failures in sharing data in pub-priv coalition
Share data in public – private collaboration, do analysis together and create and distribute the findings to all concerned organizations in the Netherlands. So we can make the Netherlands an unattractive target for digital attacks. Let’s change some organizational cultures, and develop, automate and secure the platform needed for this. Maybe we need some process […]
Scanning the Dutch Healthcare’s External Attack Surface
What are the riskiest technologies used in the Dutch healthcare sector? Do people still expose RDP? Is Dutch healthcare data processed inside the European Union? Z-CERT regularly scans many IPs and domains in use by the Dutch Healthcare sector. In this talk, we will share insights from performing External Attack Surface Management (EASM) on hundreds […]
