News and information about verinice.

Due to the current Corona developments, the organising team has decided to hold the verinice.XP 2022 as an online event. Participation in the digital conference on 23 & 24 February 2022 is free of charge. Registration is possible at https://verinicexp.org . The programme will be published at the end of 2021.

Presentation proposals can also be submitted until 17 December at https://verinicexp.org or by email to cfp@remove-this.verinicexp.org.

Workshops on various verinice topics are also planned for the day before the conference (Tuesday, 22 February 2022). We will inform you about the workshop programme shortly. Participation is possible independently of verinice.XP.

Last week, a critical vulnerability in the widely used logging library log4j 2 became known. The log4j versions included in the verinice.PRO server are not affected by the vulnerability!

The vulnerability is described in this article, among others: Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package and has the CVS number CVE-2021-44228 erhalten.

For more information, see the article in our verinice forum: https://forum.verinice.com/t/verinice-nicht-betroffen-von-log4j-schwachstelle/

However, on a verinice.PRO system there may be other Java applications in Tomcat that have not been installed by the verinice team. Since these applications may contain affected log4j versions, the team recommends including a parameter in the Tomcat configuration that prevents exploitation of the vulnerability in other applications. Again, see our forum post for details: https://forum.verinice.com/t/verinice-nicht-betroffen-von-log4j-schwachstelle/

Feel free to contact our team if you have any further questions.

Update (December 15th, 2021): Due to the current Corona developments, the organising team has decided to hold the verinice.XP 2022 as an online event. Participation in the digital conference is free of charge. 

The next verinice.XP will take place from February 22 & 23, 2022 – again on site in Berlin at the Radisson Blu Hotel. Organizer SerNet is looking forward to the direct exchange and meeting of the verinice community.

Early Bird tickets at a price of 399 euros are already available on the conference page at https://verinicexp.org . The program will be published in late 2021.

In addition, paper proposals can be submitted now at https://verinicexp.org or by email to cfp@remove-this.verinicexp.org. The verinice.XP team and the program committee will review the submissions - case studies on the use of verinice are especially sought after presentation topics.

Workshops

Workshops on various verinice topics are again planned for February 22, 2022. In small groups of participants, they are intended to enable intensive exchange with expert colleagues and speakers. We will publish the workshop program shortly. Participation is possible independently of verinice.XP.

About verinice.XP

For years, verinice.XP has been bringing together IT decision-makers, security managers and data protection officers from companies, institutions and public authorities. They are all united by their use of verinice  for information security management or data protection management. A social event is expected to take place on the evening of February 22, 2021 at the conference hotel. About the details - especially taking into account the then valid Corona requirements - we will inform them yet.

.

Version 1.23.1 of verinice is now available for download in the verinice.SHOP.

This update for verinice fixes an error when copying objects. In the single-user version of verinice 1.22.2 and 1.23, the function "Copy with links" could not be executed. Calling up the function is possible again in version 1.23.1.

verinice.PRO was not affected by the error. In the operating mode "Server", the function "Copy with links" can also be executed without errors in older versions. Therefore, no new verinice.PRO packages for 1.23.1 are published in the customer repository. On the server, the packages for 1.23.0 can still be used.

Please refer to the detailed release notes of version 1.23.x. for all further information.

From now on verinice and verinice.PRO version 1.23 are available for  download in verinice.SHOP or in customer repository respectively. The verinice.TEAM delivers with verinice 1.23 more than 30 new features, detail changes and bug fixes. These are described in detail in the release notes.

Among other things, verinice 1.23 now uses Java 11, and the Java Runtime Environment (JRE) from Adoptium (formerly AdoptOpenJDK) shipped with the client has been updated to the latest version. For this, update notes are listed in the release notes and must be followed.

To support newer operating systems, the RCP framework has been updated to version 2021-06 (4.20). verinice thus offers better support for the macOS Big Sur operating system in particular.

If you have any questions or need help with the update, feel free to contact us - including by email at verinice@remove-this.sernet.de. You are also welcome to exchange ideas with other users and the verinice team in the Forum (mainly German).

The date for the fall release of verinice is getting closer: Version 1.23 will be released in KW 40 (Oct. 4-8, 2021).

Users can look at the planned features for upcoming versions in the verinice.FORUM under "Roadmap". They can also suggest new features there or discuss specifications for already suggested features with the team as well as other verinice users.

The release of verinice 1.23 is scheduled shortly before it-sa. The IT security trade fair will be held in Nuremberg from October 12 to 14. The verinice team will be in Hall 7a, Booth 326, where they will be available to talk about verinice . The team will also be happy to provide information about verinice.veo - the new verinice generation - at it-sa. Use our contact form or send us an email to itsa@sernet.de if you would like to exchange ideas. Please note that only discussions are scheduled at the booth. Detailed product presentations will only take place remotely due to hygiene regulations. Requests for appointments - both for on-site meetings and web meetings - can be submitted via the contact form. We will then get in touch with you. 

2021 is it-sa-year again! From October 12 to 14, the trade fair on IT security will take place again in Nuremberg after a one-year break. In Hall 7a, Booth 326 the verinice.TEAM of SerNet GmbH will be present together with the verinice partners Cassini, SILA Consulting and c.a.p.e. IT. 

Colleagues from SerNet as well as the partner companies will be available to talk about verinice. The partners will also inform about their own range of services such as the setup of a management system for information security, consulting on standards such as BSI IT-Grundschutz, ISO 27001 and others as well as certification support. c.a.p.e IT GmbH advises on the integration of verinice.PRO and KIX Professional.

You are welcome to make an appointment with our partners or us in advance. Please use our contact form or send us an email to itsa@remove-this.sernet.de. Please note that only discussions are scheduled at the booth. Detailed product presentations will only take place remotely due to hygiene regulations. Requests for appointments - both for on-site meetings and web meetings - can be submitted via the contact form. We will then get in touch with you.

Secure a free day ticket!

We will gladly send you an individual registration link for a free it-sa ticket. With this you can explore the it-sa on one day and of course visit us at our booth. Just send us an email to itsa@remove-this.sernet.de, we will send you your link to the ticket. 

version 1.22.2 of verinice and verinice.PRO is now available for download in the verinice.SHOP or in the customer repository. verinice 1.22.2 (Release Notes) is a security update. The verinice.TEAM recommends all users to apply the available patch as soon as possible.

With verinice 1.22.2 the team fixes a vulnerability, details are described in the Security Advisory. The official CVE ID is CVE-2021-36981. We would like to especially thank Frank Nusko (Secianus GmbH), who found the vulnerability and informed us about it. Together we were able to prepare a Coordinated Disclosure. 


Secianus will publish the details of the vulnerability shortly, so that verinice users have enough time to update. If you need help with this or have any open questions, please feel free to contact us at sales@remove-this.sernet.de.

As of now, the verinice.TEAM provides the BSI published Benutzerdefinierte Bausteine for use in verinice free of charge. They can be ordered and downloaded from the verinice.SHOP. 

Users of IT-Grundschutz have the opportunity to contribute their expertise to IT-Grundschutz by creating so-called Benutzerdefinierte Bausteine (user defined building block). To do this, an institution picks out a topic or partial aspect for which no IT-Grundschutz building block has yet been published and on which it would like to work. Those responsible for information security can put their experience and work results, such as security assessments of threats and requirements, into the form of a building block. This user defined building block can then be published on the IT-Grundschutz website. Companies that want to address similar topics can benefit from the existing expertise and, at best, develop the content further.

The BSI does not review the content of user-defined building blocks, and the building blocks are not usually published in the IT-Grundschutz compendium. If there is a high demand for a topic, it is possible to revise a module further and include it in the IT-Grundschutz-Kompendium. The modules were created by IT-Grundschutz users and kindly made available to the BSI for publication. They may be used free of charge for IT security concepts based on IT-Grundschutz without the author's consent and without providing a source reference.

The IT Baseline Protection Profile for control centers is now available for use in verinice ( as of version 1.22). The Baseline Protection Profile is published by the Fachverband Leitstellen e.V. – in German only – and can now be directly integrated into verinice. It is available free of charge via the verinice.SHOP.

The IT Baseline Protection Profile for Control Centers helps users to install an information security process in a control center and to adapt it to the corresponding requirements. The Baseline Protection Profiles are intended by the BSI as a template for information security: with their help, users who have similar security requirements should use the template to "check the level of security in a resource-saving way or start to set up an information security management system (ISMS) according to IT Baseline Protection." (see BSI-Infoseite zu IT-Grundschutz-Profilen, German only).

The target group for this profile is primarily the decision-makers responsible for information technology in the area of control centers. It is also intended to serve as a guideline for information security concepts in control centers for manufacturers of control center technology and specialist planners commissioned with the technical planning of control centers. But other interested parties can also apply the sample scenario to their individual framework conditions.

The "IT Baseline Protection Profile for Control Centers for verinice" contains two sample organizations based on the IT Baseline Protection Kopendium in Edition 2020 as well as in Edition 2021. The updated version was created by the verinice.TEAM and can be used optionally - depending on which edition users are working with. By importing the corresponding file into verinice, an information network with modeled target objects according to the IT Baseline Protection Profile is then available for further use and individual adaptation.

The original IT Baseline Protection Profile for control centers can be downloaded as PDF from the BSI (German only).