news

Press release: Research unveils 17 new zero-days in EV Chargers

Jan 09, 2025 - In our most recent research into the security of EV chargers, 17 new vulnerabilities (zero days) were discovered in chargers manufactured by iocharger. These vulnerabilities were present in all AC-models of iocharger. The research was conducted by external researcher Wilco van Beijnum and DIVD researcher Harm van den Brink.

news

Exploring Collaboration on Coordinated Vulnerability Disclosure in Japan

Dec 18, 2024 - With the support of the Dutch embassy in Tokyo, I (Chris van 't Hof) have researched Coordinated Vulnerability Disclosure (CVD) in Japan. I had the opportunity to travel to Japan from October 22 to November 22. During my stay, I interviewed security researchers from various governmental institutes, companies, and universities and spoke with hackers, most of whom were foreign nationals residing in Japan. I also participated in conferences and meetings: KEIO Cybersecurity Conference (30-10/1-11), Cyber Risk Meetup (1-11), TengueSec meetup (13-11), CodeBlue (14-11/15-11), and AVTokyo (16-11). One of the highlights of my trip was organizing a CVD expert meeting with the Dutch embassy on the 13th of November. The last days I spent in the beautiful coastal village of Kamakura to start writing this report.

news

How to secure your Blob Storage container

Services such as Amazon S3 Buckets and Azure Blob Storage offer the convenience of storing data which is accessible by various users and services simultaneously. However, misconfiguration of any of these storage services can expose your organization to several risks and consequences.

news

Leaked credentials: What we do to keep you safe

On our website, you might have found a page called ‘how we deal with leaked credentials’ or spotted the case ‘DIVD-2020-00013 Leaked phishing credentials’. Does this mean that our volunteers send out phishing emails and leak the obtained credentials of innocent victims? Of course not!

news

Save the Date: Exclusive Event for Partners

Sep 1, 2024 - We’re excited to welcome our partners to a special evening marking our 5th anniversary.

case

DIVD responsibly discloses six new zero-day vulnerabilities to vendor

Aug 12, 2024 - DIVD researchers have discovered and, in collaboration with the vendor, disclosed six new zero-day vulnerabilities in Enphase IQ Gateway devices.

news

Over 1 Million Notifications

Aug 1, 2024 - While the existence of a vulnerability is not something to celebrate, thanks to the hard work of skilled volunteers working for DIVD, we have been able to notify vulnerable organizations of at least 1 million compromised IP addresses.

news

How to secure your AWS S3 buckets

1.5 million files are stored unprotected on the public internet, does this still happen? Unfortunately, yes, it still happens. Despite our familiarity with security policies, controls, and best practices. In this article, you can read how you can secure your AWS S3 buckets and why it is important to do it.

news

Maintain recognition of DIVD Academy for vulnerable students!

Prevent students from being left without internships by maintaining recognition of DIVD Academy. Sign for a promising future for students!

case

CASE: Attackers exploit zero day vulnerabilities in Ivanti software, and hack the Norwegian governement

An unknown attacker exploited several zero-day vulnerabilities in two Ivanti services: Ivanti EPMM and Avanti Sentry. The DIVD helped notify users of Ivanti software.

case

OPERATION ENDGAME DIVD-2024-00019

As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets. During this infiltration they obtained data about the victims of these botnets. DIVD is providing victim notification for civilians.

case

CASE: KASEYA

On March 23, 2021, DIVD volunteer Wietse Boonstra found six zero-day vulnerabilities in IT management software from Kaseya, a Miami-based company. This turned out to be one of the biggest (ransomware) cases in history, a case with a huge impact worldwide.