case

case

DIVD responsibly discloses six new zero-day vulnerabilities to vendor

Aug 12, 2024 - DIVD researchers have discovered and, in collaboration with the vendor, disclosed six new zero-day vulnerabilities in Enphase IQ Gateway devices.

case

CASE: Attackers exploit zero day vulnerabilities in Ivanti software, and hack the Norwegian governement

An unknown attacker exploited several zero-day vulnerabilities in two Ivanti services: Ivanti EPMM and Avanti Sentry. The DIVD helped notify users of Ivanti software.

case

OPERATION ENDGAME DIVD-2024-00019

As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets. During this infiltration they obtained data about the victims of these botnets. DIVD is …

case

CASE: KASEYA

On March 23, 2021, DIVD volunteer Wietse Boonstra found six zero-day vulnerabilities in IT management software from Kaseya, a Miami-based company. This turned out to be one of the biggest …

case

CASE: SMARTERMAIL

A DIVD researcher discovered multiple vulnerabilities in SmarterMail. Both vulnerabilities were found within the webmail frontend of SmarterMail.

case

CASE: ATLASSIAN CONFLUENCE

After Veloxity identified a zero-day vulnerability, DIVD, DTC, and NSM cooperated to reach out to notify 18.469 vulnerable ISPs.

case

CASE: GLOBAL VMWARE ESXI RANSOMWARE ATTACKS

In cooperation with DIVD, NCSC-NL and several EU govcerts, 14,986 global vulnerable hosts were found and notified.

case

CASE : AUTHENTICATION BYPASS IN JETBRAINS TEAMCITY

A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform bypass …

case

CASE: EXCHANGE BACKDOOR (2022)

On 2 June 2022, Eye Security published a blog about their findings. DIVD started scanning the same day. Researchers of DIVD found a way to test if Windows Exchange servers exposed to the …

case

CASE: GITLAB GRAPHQL API USER ENUMERATION

On November 18, 2021, a researcher at security company Rapid7 discovered a vulnerability (CVE-2021-4191) in Gitlab, that gave an unauthorized user the opportunity to collect the personal …

case

CASE: SOLARMAN

On April 16, 2021, a DIVD researcher discovered that data from her parents’ Omnik-solar panel system were sent to China. Jelle Ursem, who also joined the DIVD, found that this was possible for …

case

CASE: POST APACHE LOG4J2

During the Log4J crisis, DIVD researcher Max van der Horst noted that Redis instances were used to exploit the Log4J vulnerability. In total 9645 IP addresses were notified.