case
CASE: SMARTERMAIL
A DIVD researcher discovered multiple vulnerabilities in SmarterMail. Both vulnerabilities were found within the webmail frontend of SmarterMail.
case
CASE: ATLASSIAN CONFLUENCE
After Veloxity identified a zero-day vulnerability, DIVD, DTC, and NSM cooperated to reach out to notify 18.469 vulnerable ISPs.
news
NEWS: INGE BRYAN NIEUWE BESTUURSVOORZITTER DIVD
Met trots en plezier maken we bekend dat Inge Bryan de nieuwe bestuursvoorzitter is van het Dutch Institute for Vulnerability Disclosure. Ze neemt deze rol over van Astrid Oosenbrug. Astrid legt de voorzittershamer neer om zich meer te gaan richten op de ontwikkeling van de DIVD Academy.
case
CASE: GLOBAL VMWARE ESXI RANSOMWARE ATTACKS
In cooperation with DIVD, NCSC-NL and several EU govcerts, 14,986 global vulnerable hosts were found and notified.
case
CASE : AUTHENTICATION BYPASS IN JETBRAINS TEAMCITY
A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform bypass authentication checks and gain administrative control of that TeamCity server.
news
NEWS: Veel gemeenten reageren nog niet adequaat op beveiligingslekken
Veel gemeenten reageren te traag of niet adequaat genoeg op meldingen over beveiligingslekken. Deze zogenoemde Coordinated Vulnerability Disclosures (CVD meldingen) worden vaak gedaan door ethische hackers die zo het internet veiliger willen maken. Dit proces is de laatste jaren wel verbeterd, maar er blijft nog steeds een wereld te winnen voor de gemeenten. Dat blijkt uit een recent uitgevoerd onderzoek van de Universiteit Twente en Dutch Institute for Vulnerability Disclosure (DIVD) onder 114 Nederlandse gemeenten.
case
CASE: EXCHANGE BACKDOOR (2022)
On 2 June 2022, Eye Security published a blog about their findings. DIVD started scanning the same day. Researchers of DIVD found a way to test if Windows Exchange servers exposed to the internet had a backdoor.
case
CASE: SOLARMAN
On April 16, 2021, a DIVD researcher discovered that data from her parents’ Omnik-solar panel system were sent to China. Jelle Ursem, who also joined the DIVD, found that this was possible for 996.000 systems worldwide, 42.000 in the Netherlands, 7.200 in Germany, 18.000 in England, 3.400 in the US, and 326.000 in China. In total these PV systems were able to produce more than 10 Gigawatts of power. In a worst-case scenario, he could build a botnet of inverters that were under his control.
case
CASE: KASEYA VSA, BEHIND THE SCENES
In April 2021 Dutch hackers found a number of vulnerabilities in software used by Kaseya, a business that makes tools for system managers working remotely. This is a translation of a chapter from the book Hackers by Gerard Janssen. This chapter starts after the story of Dutch hacker Victor Gevers discovered that two-factor authentication of Donald Trump’s Twitter account was disabled and guessed his Twitter password, in November 2020.
case
CASE: APACHE LOG4J2
Apache reported a remote code execution vulnerability in Apache Log4j2, the vulnerability in the Log framework of Apache makes it possible to misuse the record log information feature. This makes it possible for an attacker to construct special data request packets through this vulnerable component, and ultimately trigger remote code execution.
case
CASE: SOLARWINDS ORION
On December 8, 2020, FireEye announced that the company had fallen victim to a hack. DIVD scanned for Supernova and found around 700 vulnerable Solarwinds Orion systems facing the internet, worldwide, including systems of foreign defense units and satellite communication. Eight of these systems used IP addresses from the Netherlands.
case
CASE: LEAKED PHISHING CREDENTIALS (ZOOM)
At the end of November 2020, criminals conducted a phishing campaign that mimicked Zoom message invites and notifications about mail quarantine. On January 1, 2021, email notifications were sent to the victims of this phishing scheme. In total, 370 emails were distributed.