GDPR

Microsoft-security-update

Microsoft Security Update February 2022

Microsoft has released fixes for 51 new CVEs this month.

Microsoft Security Update January 2022

For the first patch Tuesday of the year Microsoft released patches for 96 vulnerabilities. Of these CVEs, 9 are rated as critical.

Microsoft Security Update December 2021

The last patch Tuesday of the year. This month 67 patches for new CVEs were released by Microsoft. That brings the yearly total up to 887 patches.

Microsoft Security Update October 2021

71 CVEs have been fixed this patch Tuesday; on top of this, 8 Microsoft Edge and 3 OpenSSL patches were released earlier this month. This is also the first patch...

Microsoft Security Update August 2021

A smaller patch this month, with fixes for 44 CVEs. But don’t let your guard down as Microsoft reported 2 publicly known vulnerabilities and even 1 that is currently being...

Microsoft Security Update July 2021

Patches for 117 CVEs were released this month by Microsoft. 13 of these are rated as critical; 6 of these exploits are publicly known and 4 are reported being...

Microsoft Security Update June 2021

Microsoft released patches for 50 CVEs this month; 5 are rated as critical and the others as important. An unusually high number of bugs are reported to be publicly exploited...

Microsoft Security Update May 2021

Microsoft released patches for 55 CVEs this month of which 26 are rated as critical. This makes it a slower month than usual but there are still some very important...

Microsoft Security Update April 2021

Patches for 114 CVEs were released this month which makes this the busiest month of 2021 so far. Of these bugs, 19 are rated as critical. 1 bug is currently...

Microsoft Security Update March 2021

The third Patch Tuesday of the week brings more exploited vulnerabilities than usual so this is definitely one to pay attention to. A few of the CVEs were actually released...

Microsoft Security Update February 2021

For the second patch of 2021 we have 56 CVEs to look at. 11 of these vulnerabilities have been rated as critical and 43 as important. While the number of...

Microsoft Security Update January 2021

The first patch Tuesday of 2021! The blog team wishes you all the best for this new year. We kick the year off with 83 bugfixes this patch including one...

Microsoft Security Update December 2020

We end 2020 with a slower month, as per usual for December patches. 58 vulnerabilities have been addressed this final month of the year, of which 9 are rated critical...

Microsoft Security Update November 2020

The second Tuesday of the month is upon us again, which means Microsoft has released its patch for this month; it provides fixes for 112 vulnerabilities. 17 patches have been...

Microsoft Security Update October 2020

As every second Tuesday of the month, the Microsoft security patch has arrived. This month’s patch brings fixes for 87 vulnerabilities, 11 of which are rated critical and 75 are...

Microsoft Security Update September 2020

This Patch Tuesday fixes 129 known vulnerabilities of which 23 are rated as critical.

Microsoft Security Update August 2020

This Patch Tuesday provides fixes for 120 vulnerabilities of which 17 are classified as critical and 103 as important. The update also provides a fix for 2 zero-day vulnerabilities that...

Microsoft Security Update July 2020

Every second Tuesday of the month, Microsoft releases a security update for all their software products. The update released on 14 July 2020 affects Windows, Microsoft’s web browsers and office...

Microsoft

My journey to the AZ-500 certificate

Hi, my name is Enes Murat Kokcu, I’m a part of the Ordina security unit.

Microsoft Security Update February 2022

Microsoft has released fixes for 51 new CVEs this month.

Microsoft Security Update January 2022

For the first patch Tuesday of the year Microsoft released patches for 96 vulnerabilities. Of these CVEs, 9 are rated as critical.

Microsoft Security Update December 2021

The last patch Tuesday of the year. This month 67 patches for new CVEs were released by Microsoft. That brings the yearly total up to 887 patches.

Microsoft Security Update October 2021

71 CVEs have been fixed this patch Tuesday; on top of this, 8 Microsoft Edge and 3 OpenSSL patches were released earlier this month. This is also the first patch...

Microsoft Security Update August 2021

A smaller patch this month, with fixes for 44 CVEs. But don’t let your guard down as Microsoft reported 2 publicly known vulnerabilities and even 1 that is currently being...

Microsoft Security Update July 2021

Patches for 117 CVEs were released this month by Microsoft. 13 of these are rated as critical; 6 of these exploits are publicly known and 4 are reported being...

Microsoft Security Update June 2021

Microsoft released patches for 50 CVEs this month; 5 are rated as critical and the others as important. An unusually high number of bugs are reported to be publicly exploited...

Microsoft Security Update May 2021

Microsoft released patches for 55 CVEs this month of which 26 are rated as critical. This makes it a slower month than usual but there are still some very important...

Microsoft Security Update April 2021

Patches for 114 CVEs were released this month which makes this the busiest month of 2021 so far. Of these bugs, 19 are rated as critical. 1 bug is currently...

Microsoft Security Update March 2021

The third Patch Tuesday of the week brings more exploited vulnerabilities than usual so this is definitely one to pay attention to. A few of the CVEs were actually released...

Microsoft Security Update February 2021

For the second patch of 2021 we have 56 CVEs to look at. 11 of these vulnerabilities have been rated as critical and 43 as important. While the number of...

Microsoft Security Update January 2021

The first patch Tuesday of 2021! The blog team wishes you all the best for this new year. We kick the year off with 83 bugfixes this patch including one...

Microsoft Security Update December 2020

We end 2020 with a slower month, as per usual for December patches. 58 vulnerabilities have been addressed this final month of the year, of which 9 are rated critical...

Microsoft Security Update November 2020

The second Tuesday of the month is upon us again, which means Microsoft has released its patch for this month; it provides fixes for 112 vulnerabilities. 17 patches have been...

Microsoft Security Update October 2020

As every second Tuesday of the month, the Microsoft security patch has arrived. This month’s patch brings fixes for 87 vulnerabilities, 11 of which are rated critical and 75 are...

Microsoft Security Update September 2020

This Patch Tuesday fixes 129 known vulnerabilities of which 23 are rated as critical.

Microsoft Security Update August 2020

This Patch Tuesday provides fixes for 120 vulnerabilities of which 17 are classified as critical and 103 as important. The update also provides a fix for 2 zero-day vulnerabilities that...

Microsoft Security Update July 2020

Every second Tuesday of the month, Microsoft releases a security update for all their software products. The update released on 14 July 2020 affects Windows, Microsoft’s web browsers and office...

BCMS

BCMS5: Vendor Management - Don’t Forget to Confirm Business Priority of Your Vendors

Vendor Management (Third Party Management or Supplier Management) is a popular topic in the information security world these days. Security in leading companies has been little by little but certainly...

BCMS4: BIA is not a Risk Assessment

One of the most common but critical misconceptions around Business Continuity Management is confusion of Business Impact Analysis (BIA) with Risk Assessment. Both are key elements of the Business Continuity...

Why Cloud does not automatically mean you have a BCP/DRP

On 10 March 2021, there was a fire at a cloud datacenter owned by the largest hosting provider in Europe, OVH. The fire was brought under control within hours, but...

BCMS3: What is Disaster Recovery Management

If you are familiar with the Business Continuity Management (BCM) system, then you may know the terms Disaster Recovery Management (DRM) and Disaster Recovery Plan (DRP). Both BCM and DRM...

BCMS2: Begin from Minimum, but Keep Developing

Do you think developing Business Continuity Management System (BCMS) is a hard challenge? This may be because you know some BCMSs contain detailed processes and lots of documentation. I would...

BCMS Part 1: Business Continuity Management is crucial for any type of hazard

In Japan where I used to work, a Business Continuity Management System (BCMS) is a common business function. Due to its geographical setting, Japan has repeatedly been impacted by natural...

our-consultants

Meet our consultant: Emmanouil Perselis

Emmanouil is a talented penetration tester who also has experience in a variety of other cybersecurity areas. Let’s see how he has gotten to this point.

interview

Tim's first year as a Security Consultant at Ordina

Last year around July, I was looking for a job and Ordina caught my eye. Especially its security area looked very interesting, so I scheduled a meeting to see if...

My internship at Ordina: Kevin De Vijlder

Firstly, please tell us about your background. I am a 25-year-old computer science student from UCLL. My first career choice was to become a software developer. But after...

My internship at Ordina: Tom De Wandel

My name is Tom De Wandel, a Cyber Security Professional student at Howest Bruges. To finish my studies, I had to do a 3-month internship in an ICT company. Ordina...

My internship at Ordina: Katerina Stavrinoudis

Katerina is a university student who studies Computer Science. She assessed vulnerabilities of our internal network as her internship assignment.

My internship at Ordina: Robin Bruynseels

Robin is studying Cloud and Cybersecurity at his university. To conclude his achievement, he had an internship at the Ordina Security & Privacy unit.

My internship at Ordina: Thomas Hayen

Thomas is a university student who has ambition in red teaming. He had an internship at the Ordina Security & Privacy unit for three months.

Meet our consultant: Emmanouil Perselis

Emmanouil is a talented penetration tester who also has experience in a variety of other cybersecurity areas. Let’s see how he has gotten to this point.

Audit

The perception of audit

Audits are not there to tell people they are doing a bad job. Audits are not there to blame people.

Compliance

The perception of audit

Audits are not there to tell people they are doing a bad job. Audits are not there to blame people.

Cybercrime

Belgian ICT crime statistics 2000-2019

At the start of this year, the 13th of January to be precise, West-Flemish weaving machine producer Picanol fell victim to a large-scale ransomware attack. The production lines in several...

ransomware

Ransomware: If you became victim of a ransomware

Even if you effectively maintain preventive measures, you still could become a ransomware victim someday in the future. Here are some important points you must keep in mind in case...

Ransomware: So….what can be done against it?

As the old saying goes, to prevent is better than to cure. In order to prevent ransomware, we need to know what the most common attack vectors (methods) are and...

Ransomware: “Another one bites the dust”

“Another one bites the dust” by Queen – it is one of my favorite songs and coincidentally one of my first thoughts when I hear that another organization has fallen...

How did ransomware get so bad?

Do we understand at all levels the importance of Cyber Security nowadays? For some, Cyber Security and its awareness is well understood, for others, it is yet a work in...

cybercrime

Ransomware: If you became victim of a ransomware

Even if you effectively maintain preventive measures, you still could become a ransomware victim someday in the future. Here are some important points you must keep in mind in case...

Looking back on the SolarWinds Fallout

The phrase “A chain is only as strong as its weakest link” is commonly used in the cyber security world to describe how only one weak entry point is needed for a...

Ransomware: So….what can be done against it?

As the old saying goes, to prevent is better than to cure. In order to prevent ransomware, we need to know what the most common attack vectors (methods) are and...

Ransomware: “Another one bites the dust”

“Another one bites the dust” by Queen – it is one of my favorite songs and coincidentally one of my first thoughts when I hear that another organization has fallen...

Ordina

Tim's first year as a Security Consultant at Ordina

Last year around July, I was looking for a job and Ordina caught my eye. Especially its security area looked very interesting, so I scheduled a meeting to see if...

My internship at Ordina: Kevin De Vijlder

Firstly, please tell us about your background. I am a 25-year-old computer science student from UCLL. My first career choice was to become a software developer. But after...

My internship at Ordina: Tom De Wandel

My name is Tom De Wandel, a Cyber Security Professional student at Howest Bruges. To finish my studies, I had to do a 3-month internship in an ICT company. Ordina...

My internship at Ordina: Katerina Stavrinoudis

Katerina is a university student who studies Computer Science. She assessed vulnerabilities of our internal network as her internship assignment.

My internship at Ordina: Robin Bruynseels

Robin is studying Cloud and Cybersecurity at his university. To conclude his achievement, he had an internship at the Ordina Security & Privacy unit.

My internship at Ordina: Thomas Hayen

Thomas is a university student who has ambition in red teaming. He had an internship at the Ordina Security & Privacy unit for three months.

What is life like at Ordina?

After completing his master's degree, Thomas joined the Ordina Security and Privacy unit in 2020. Let’s see how he looks at Ordina and his career. Firstly, please tell us about your...

disaster-recovery

Why Cloud does not automatically mean you have a BCP/DRP

On 10 March 2021, there was a fire at a cloud datacenter owned by the largest hosting provider in Europe, OVH. The fire was brought under control within hours, but...

personal-security

What is Endpoint Security?

An endpoint is any device that connects to the network such as laptops, desktops, tablets, IoT devices, smartphones, servers, workstations, printers, etc. These serve as the entry points for many...

Spring cleaning part 3: keep your “digital home” safe and clean

In the first installment of the spring cleaning series, we touched upon your digital footprint and how to protect your access. With this 3rd part of the spring cleaning series,...

Spring cleaning part 2: continuing our “digital home” checkup

In the first installment of the spring cleaning series, we touched upon your digital footprint and how to protect your access. In this second installment of the spring cleaning, we...

Spring cleaning: keep your “digital home” safe and clean

Spring is here – time to do a big spring clean-up. I’m referring to your “digital home”. Is your cyber hygiene up to date? If you are privacy conscious, you...

Redteaming

My Cyber War Story: Black Box Penetration Test Part 2

If you haven’t read it yet, you can find part 1 of this story here.

My Cyber War Story: Black Box Penetration Test Part 1

I got a request to perform a black box penetration test. The client was a multinational company with a presence in at least 5 countries. I had limited experience...

project-management

Project Management Part 2: Tips That Might Help

Projects are set up in every field, especially in the Information Security field. They are created to work towards changes within a company in a controlled manner. Even though many...

Project Management Part 1: A Small Starter’s Guide

Projects are set up in every field, especially in the Information Security field. They are created to work towards changes within a company in a controlled manner. Even though many...

security-management

The European Union's defense against common cyber attacks part 1: The Budapest convention and the EU's strategies

Cyber security is a major global issue, and this is the case in Europe as well. In order to deal with cyber threats, it is important to know how the European Union (EU)...

What is the EU Digital Operational Resilience Act (DORA)?

On 16 January 2023, the EU Digital Operational Resilience Act (DORA) entered into force. It will apply from 17 January 2025 and the requirements will become mandatory. The DORA consolidates...

Risk Management for Security Professionals 2: Internal Control and Risk Management

In the previous article, I explained that risk may include positive risks and that risk management is indivisible from the business strategy. In this article, we will think about risk management from the...

Risk Management for Security Professionals 1 : What is Risk?

Security is an important topic for many companies, but if you think only security matters, you may go too far or in the wrong direction. Through this blog series, I...

Timescales for ISO/IEC 27001 Transition have been Formally Announced

The International Accreditation Forum issued Transition Requirements for ISO/IEC 27001:2022 on 9th August 2022. ISO/IEC 27001 Information Security Management is one of the most common ISMS (Information Security Management System)...

Vulnerability in Gitlab

Article by Bram Patelski of Ordina Netherlands

The 2022 update to ISO/IEC 27001/2

A new version of the globally accepted set of security control guidelines, ISO/IEC 27002:2022 was published on 15 February 2022. ISO/IEC 27002 is a part of the ISO/IEC 27000 series...

Reducing risk with Privileged Access Management

IAM (Identity and Access Management) has become a high priority issue for many companies. IAM is the process of ensuring that everyone has the right access at any time within...

Information security governance

Does the board of directors understand the organisation’s dependence on information technologies? Does the organisation recognise the importance of information security and provide support at a high level? Does the...

Why cybersecurity incident response is critical for any company

It is nothing special to hear about a cybersecurity incident; cybersecurity has become one of the most important aspects of any company that has IT systems.

What is Endpoint Security?

An endpoint is any device that connects to the network such as laptops, desktops, tablets, IoT devices, smartphones, servers, workstations, printers, etc. These serve as the entry points for many...

ISO 27001 vs NIST 800-53: which one is more suitable for your company?

There are two methodologies for IT security guidance: ISO 27001 (ISO/IEC 27001 Information Security Management) and NIST 800-53 (Security and Privacy Controls for Information Systems and Organizations). How do you...

What is Shadow IT?

Shadow IT is the use of IT systems without the knowledge of the IT or security group within the organisation. Software is an example, and as not all programs are...

redteaming

Pentesting from a business perspective; Why and How?

Nowadays, 3 words are enough to shake up a company: “We got hacked”. Admittedly, there are more elaborate ways to explain such a situation, but you get the gist. I...

penetration-test

Pentesting from a business perspective; Why and How?

Nowadays, 3 words are enough to shake up a company: “We got hacked”. Admittedly, there are more elaborate ways to explain such a situation, but you get the gist. I...

Privacy

Privacy for security professionals 2 : How to embed privacy requirements in the design of new systems & applications

How can I determine whether GDPR is applicable or not for an application/system? Without going into ‘territorial’ details, the answer is rather simple: if your application/system is processing(*) personal data,...

Privacy for security professionals 1 : Is a userID considered personal data?

The boundaries between security & privacy are blurring. Today security professionals are expected to have experience in both fields and to be able to advise on cases related to protection...