news

NEWS: Many municipalities still do not respond adequately to security vulnerabilities

Many municipalities respond too slowly or not adequately enough to reports of security vulnerabilities. These so-called Coordinated Vulnerability Disclosures (CVD reports) are often made by ethical hackers who want to make the internet safer. This process has improved in recent years, but there is still a lot to be gained for municipalities. This is shown by a recent study by the University of Twente and the Dutch Institute for Vulnerability Disclosure (DIVD) among 114 Dutch municipalities.

case

CASE: GITLAB GRAPHQL API USER ENUMERATION

On November 18, 2021, a researcher at the security company Rapid7 discovered a vulnerability (CVE-2021-4191) in GitLab that gave an unauthorized user the opportunity to collect the personal information of other users. Following responsible disclosure, GitLab published a fix for the vulnerability on February 25, 2022. DIVD scanned the internet and found almost 14,000 vulnerable systems.

case

CASE: EXCHANGE BACKDOOR (2022)

On 2 June 2022, Eye Security published a blog post about their findings. DIVD started scanning the same day. DIVD researchers found a way to test whether Windows Exchange servers exposed to the internet had a backdoor.

case

CASE: SOLARMAN

On April 16, 2021, a DIVD researcher discovered that data from her parents' Omnik solar panel system was being sent to China. Jelle Ursem, who also joined DIVD, found that this was possible for 996,000 systems worldwide: 42,000 in the Netherlands, 7,200 in Germany, 18,000 in England, 3,400 in the US, and 326,000 in China. In total, these PV systems were able to produce more than 10 gigawatts of power. In a worst-case scenario, he could have built a botnet of inverters under his control.

case

CASE: POST APACHE LOG4J2

During the Log4j crisis, DIVD researcher Max van der Horst noted that Redis instances were being used to exploit the Log4j vulnerability. In total, 9,645 IP addresses were notified.

case

CASE: KASEYA VSA, BEHIND THE SCENES

In April 2021, Dutch hackers found a number of vulnerabilities in software used by Kaseya, a business that makes tools for system managers working remotely. This is a translation of a chapter from the book Hackers by Gerard Janssen. The chapter starts after the story of how Dutch hacker Victor Gevers discovered, in November 2020, that two-factor authentication on Donald Trump's Twitter account was disabled and guessed his Twitter password.

case

CASE: APACHE LOG4J2

Apache reported a remote code execution vulnerability in Apache Log4j2. The vulnerability in Apache's logging framework makes it possible to abuse the feature that records log information: an attacker can construct specially crafted request packets for this vulnerable component and ultimately trigger remote code execution.

case

CASE: SOLARWINDS ORION

On December 8, 2020, FireEye announced that the company had fallen victim to a hack. DIVD scanned for Supernova and found around 700 vulnerable SolarWinds Orion systems facing the internet worldwide, including systems of foreign defense units and satellite communication. Eight of these systems used IP addresses from the Netherlands.

case

CASE: LEAKED PHISHING CREDENTIALS (ZOOM)

At the end of November 2020, criminals conducted a phishing campaign that mimicked Zoom message invites and notifications about mail quarantine. On January 1, 2021, email notifications were sent to the victims of this phishing scheme. In total, 370 emails were distributed.

case

CASE: FACEBOOK LEAK (DIVD-2021-00003)

On April 4 several news platforms reported personal data of 533 million Facebook users was leaked. This is actually a non-report, but it demonstrates where we draw the boundaries on what we can and cannot do according to our code of conduct.

case

CASE: SMBv3 SERVER COMPRESSION TRANSFORM HEADER MEMORY CORRUPTION

On March 10, 2020, Microsoft published information about a serious vulnerability in Microsoft's Server Message Block protocol version 3. The vulnerability (CVE-2020-0796) is a remote code execution vulnerability that exists in the way the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.