case
OPERATION ENDGAME DIVD-2024-00019
As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets. During this infiltration they obtained data about the victims of these botnets. DIVD is providing victim notification for civilians.
case
CASE: IVANTI (New)
The DIVD helped notifying users of Ivanti software.
case
CASE: IVANTI
The DIVD helped notifying users of Ivanti software.
case
CASE: KASEYA
One of the biggest (ransomware) cases in historie, a case with a huge impact worldwide.
case
CASE: SMARTERMAIL
A DIVD researcher found multiple vulnerabilities in SmarterMail. Both vulnerabilities were discovered within the webmail fronted of SmarterMail.
case
CASE: EXPOSED BACNET DEVICES
During the Log4J crisis, researchers uncovered BACnet devices with open ports. Upon further investigation, more devices have been found running the BACnet protocol.
case
CASE: ATLASSIAN CONFLUENCE
After Veloxity identified a zero-day vulnerability, DIVD, DTC and NSM cooperated to reach out to notify 18.469 vulnerable ISP.
news
NEWS: INGE BRYAN NIEUWE BESTUURSVOORZITTER DIVD
Met trots en plezier maken we bekend dat Inge Bryan de nieuwe bestuursvoorzitter is van het Dutch Institute for Vulnerability Disclosure. Ze neemt deze rol over van Astrid Oosenbrug. Astrid legt de voorzittershamer neer om zich meer te gaan richten op de ontwikkeling van de DIVD Academy.
case
CASE: GLOBAL VMWARE ESXI RANSOMWARE ATTACKS
In a cooperation with DIVD, NCSC-NL and several EU govcerts, 14,986 global vulnerable hosts were found and notified.
case
CASE : AUTHENTICATION BYPASS IN JETBRAINS TEAMCITY
A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform bypass authentication checks and gain administrative control of that TeamCity server.
case
CASE: AUTHENTICATION BYPASS & REMOTE CODE EXECUTION IN CONNECTWISE SCREENCONNECT
A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.
news
NEWS: VEEL GEMEENTEN REAGEREN NOG NIET ADEQUAAT OP BEVEILIGINGSLEKKEN
Veel gemeenten reageren te traag of niet adequaat genoeg op meldingen over beveiligingslekken. Deze zogenoemde Coordinated Vulnerability Disclosures (CVD meldingen) worden vaak gedaan door ethische hackers die zo het internet veiliger willen maken. Dit proces is de laatste jaren wel verbeterd, maar er blijft nog steeds een wereld te winnen voor de gemeenten. Dat blijkt uit een recent uitgevoerd onderzoek van de Universiteit Twente en Dutch Institute for Vulnerability Disclosure (DIVD) onder 114 Nederlandse gemeenten.