By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

Speed cameras are about as popular as chopped liver on a grade school cafeteria menu, just one of many modern inconveniences keeping us “safe”. In an interesting turn of events, speed cameras were one of several affected services in a cyber attack in the Netherlands. The attack occurred against Openbaar Ministerie (OM), the official body responsible for bringing suspects before the criminal court in the Netherlands. Just look at you, Netherlands, winning for the best name ever for your criminal courts. One can only hope there is also a Minibaar MInisterie.

On July 17 the OM suffered a fairly severe cyber-attack, said by media to be attributed to Russia or China, which took their systems offline, leaving them relying largely on paper for communications and documentation. The other side effect was that it knocked out the majority of their traffic cameras, which remain offline for now. According to public sources, affected information included “information about ongoing court cases, police investigations, and employees’ personal details” in addition to managing these cameras. The OM remains unable to turn the cameras back on at the time of this report without potentially affecting security of systems, which are still in recovery.

What happened? It sounds like OM systems were compromised in attacks involving the “zero day” Citrix NetScaler memory overflow vulnerability, tracked as CVE-2025-6543, first seen in early May, according to BleepingComputer. What is a zero day? A zero day is a security vulnerability previously unknown to the vendor or developer of the affected software or hardware, and for which no patch has been developed or released.

What is a “CVE”? A CVE, or Common Vulnerabilities and Exposures, is simply a standardized identifier for publicly known cybersecurity vulnerabilities. It's a unique label assigned to a specific security flaw in software or hardware, making it easier to track and discuss these vulnerabilities. Yikes!

What is the Citrix Netscaler memory overflow vulnerability- CVE-2025-6543? This critical issue is a memory overflow bug that allows unintended control flow or a denial-of-service state on impacted devices.

“Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server” per Citrix’s advisory.

Citrix had issued a bulletin about the flaw on June 25, 2025 (less than a month before the OMvattack), warning that the following software versions were vulnerable to ongoing attacks:

• 14.1 before 14.1-47.46
• 13.1 before 13.1-59.19
• 13.1-FIPS and 13.1-NDcPP before 13.1-37.236
• 12.1 and 13.0 → End-of-Life but still vulnerable (no fixes provided, upgrade to a newer release recommended)

It was initially thought the flaw could only be exploited in denial of service (DoS) attacks, but the NCSC’s warning now indicates that the attackers exploited it to achieve remote code execution.

The NCSC’s warning about CVE-2025-6543 notes that hackers have leveraged the flaw to breach multiple entities in the country and then worked to wipe traces of the attacks to eliminate evidence of the intrusions.

What should your big takeaway lesson here be, both for general users and organizations?

One of the biggest ways bad guys get into places they shouldn’t is people who ignore software patching schedules. This might seem like a time-consuming annoyance, another darn button to click, but wouldn’t you rather click that update button, than have a bad guy use a vulnerability to break into your systems? Yeah, same. Patch your stuff! Set it to automatically patch if that helps you, do it by hand, whatever it takes just PATCH YOUR STUFF.

If you are an organization, make sure that your budget allows for a good vulnerability and remediation program to help you stay on top of these things. Don’t ignore cyber security, it will always come back to haunt you and probably bite you in the rear.

In other news, keep an eye out for the Los Alamos County traffic cameras, coming soon!

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

Cyber security meme.