updates
Dutch energy sector, we have a cloud problem
A lot of the Dutch energy sector now runs in the cloud, and that happened gradually, always with efficiency in mind. But who thought about sovereignty and always being in control?
news
We have moved to ENISA as its Root CNA
As a CVE Numbering Authority, we assign CVEs to vulnerabilities. Within the CVE program, every CNA operates under a Root CNA, and until now that was MITRE. From now on, it will be the European Union Agency for Cybersecurity (ENISA).
case
CASE: MENDIX MISCONFIGURATION (again)
DIVD warns of common configuration mistakes in Mendix applications. No vulnerability in Mendix itself. Organizations should immediately review the authorization settings of their own applications.
case
OPERATION ENDGAME PART 3
We are notifying victims of the Rhadamanthys infostealer. Since the datasets contain information on a very large number of individuals, we will not be sending individual notifications. Instead, we enable CERTs, CSIRTs and security teams.
case
OPERATION ENDGAME 2.0
DIVD is notifying victims of the Latrodectus infostealer, the evolution of IcedID. We are notifying victims that were identified as a part of Operation Endgame 2.0. If you receive a notification, please read the instructions carefully.
news
Critical vulnerabilities found in procurement platform used by U.S. public sector
One of our researchers has identified three critical vulnerabilities in the SicommNet BASEC e-procurement system, primarily used by U.S. public sector agencies. These vulnerabilities allow malicious actors to bypass all security measures in the system, granting them access to and control over the entire platform — including all customer data stored in its database.
news
DIVD plays an important role in the digital security of the energy sector thanks to its unique position
The Dutch Institute for Vulnerability Disclosure (DIVD) is proud to start the project ‘Coordinated Vulnerability Disclosure (CVD) in the energy sector’. With this initiative, DIVD is setting up a new line of research to strengthen the digital resilience of the increasingly vulnerable energy system. We are doing this together with various partners.
news
Press release: Research unveils 17 new zero-days in EV Chargers
Jan 09, 2025 - In our most recent research into the security of EV chargers, 17 new vulnerabilities (zero days) were discovered in chargers manufactured by iocharger. These vulnerabilities were present in all AC-models of iocharger. The research was conducted by external researcher Wilco van Beijnum and DIVD researcher Harm van den Brink.
news
Exploring Collaboration on Coordinated Vulnerability Disclosure in Japan
Dec 18, 2024 - With the support of the Dutch embassy in Tokyo, I (Chris van 't Hof) have researched Coordinated Vulnerability Disclosure (CVD) in Japan. I had the opportunity to travel to Japan from October 22 to November 22. During my stay, I interviewed security researchers from various governmental institutes, companies, and universities and spoke with hackers, most of whom were foreign nationals residing in Japan. I also participated in conferences and meetings: KEIO Cybersecurity Conference (30-10/1-11), Cyber Risk Meetup (1-11), TengueSec meetup (13-11), CodeBlue (14-11/15-11), and AVTokyo (16-11). One of the highlights of my trip was organizing a CVD expert meeting with the Dutch embassy on the 13th of November. The last days I spent in the beautiful coastal village of Kamakura to start writing this report.
news
How to secure your Blob Storage container
Services such as Amazon S3 Buckets and Azure Blob Storage offer the convenience of storing data which is accessible by various users and services simultaneously. However, misconfiguration of any of these storage services can expose your organization to several risks and consequences.
news
Leaked credentials: What we do to keep you safe
On our website, you might have found a page called ‘how we deal with leaked credentials’ or spotted the case ‘DIVD-2020-00013 Leaked phishing credentials’. Does this mean that our volunteers send out phishing emails and leak the obtained credentials of innocent victims? Of course not!
news
Save the Date: Exclusive Event for Partners
Sep 1, 2024 - We’re excited to welcome our partners to a special evening marking our 5th anniversary.