Frank Breedijk
Role: Crisis manager (+ CSIRT helper)
Currently I’m the Crisis Manager for DIVD. Besides that I’m still a manager in the CSIRT which I initiated when I joined DIVD. In daily life I am the CISO of Schuberg Philis. I have another side job as secretary of the board of Het Nederlandse Security Meldpunt.
Social media
- @seccubus
- Frank Breedijk
Articles / cases / cves
Blog posts
- 14 February 2022 - Dutch Security Information Clearinghouse started
- 01 February 2022 - DIVD is a CVE Numbering Authority
CSIRT Cases
- DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518
- DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN
- DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
- DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
- DIVD-2022-00048 - Dossier Energy Transition
- DIVD-2022-00045 - Injection vulnerability found within Socket.io
- DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
- DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js
- DIVD-2022-00014 - GreyNoise's Ukraine only list
- DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates
- DIVD-2022-00009 - SolarMan backend administrator account/password
- DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
- DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
- DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
- DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
- DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
- DIVD-2021-00014 - Kaseya Unitrends
- DIVD-2021-00012 - Warehouse Botnet
- DIVD-2021-00011 - Kaseya VSA Disclosure
- DIVD-2021-00002 - Kaseya VSA
- DIVD-2021-00001 - Microsoft on-prem Exchange Servers
- DIVD-2020-00013 - Leaked phishing credentials
- DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
- DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
- DIVD-2020-00010 - wpDiscuz plugin Remote Code Execution
- DIVD-2020-00009 - Pulse Secure VPN enterprise Leak
- DIVD-2020-00008 - 313 000 Wordpress sites scanned
- DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability
- DIVD-2020-00002 - Wildcard certificates Citrix ADC
- DIVD-2020-00001 - Citrix ADC
CVEs contributed to
- CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
- CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
- CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
- CVE-2021-26474 - Unauthenticated server side request forgery in Vembu products
- CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
- CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
- CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
- CVE-2021-30119 - Authenticated reflective XSS in Kaseya VSA <= v9.5.6
- CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
- CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
- CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of UniTrends Server < v10.5.5-2
- CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
- CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
- CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
- CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
- CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
- CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CSIRT blog posts
- 18 January 2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers
- 14 December 2022 - Fortinet sslvpnd vulnerability - update
- 15 August 2022 - Closing GreyNoise Ukraine Only case
- 08 June 2022 - ITarian critical vulnerabilities
- 03 June 2022 - Confluence 0-day
- 04 April 2022 - Kaseya Full Disclosure
- 01 February 2022 - DIVD is a CVE Numbering Authority
- 27 November 2021 - NMAP script for GitLab CVE-2021-22205
- 26 August 2021 - Exchange ProxyShell and ProxyOracle
- 26 August 2021 - Kaseya Unitrends update
- 25 August 2021 - Vembu BDR Full Disclosure
- 20 August 2021 - Social media consolidation
- 20 August 2021 - Planned Vembu Full Disclosure
- 07 July 2021 - Kaseya VSA Limited Disclosure
- 14 May 2021 - Closing ProxyLogon case
- 16 March 2021 - Additional Exchange scan script
- 03 March 2021 - Active abuse Exchange Zero-day
- 01 January 2021 - Victim notification phishing
- 07 August 2020 - wpDiscuz vulnerability allows system takeover
- 05 August 2020 - Datadump with information on hacked PulseVPN systems leaked
- 28 May 2020 - Critical vulnerability in Citrix ShareFile storage server
- 12 March 2020 - Microsoft patches vulnerability in SMB v3
- 12 March 2020 - Critical unpatched vulnerability in SMB v3
- 15 February 2020 - Citrix talk and demo at Hackerhotel
- 05 February 2020 - Citrix notifications again
- 29 January 2020 - BlueGate patch restart?
- 26 January 2020 - DIVD Call For Volunteers
- 22 January 2020 - Lots of vulnerable Citrix ADCs used wildcard certificates
- 19 January 2020 - First Citrix patches available, other patches available sooner
- 17 January 2020 - We have resumed scanning and notifying!
- 16 January 2020 - Citrix mitigation turns out to be unreliable
- 15 January 2020 - Checks to see if your Citrix ADC is compromised
- 13 January 2020 - Widespread vulnerability in Citrix Gateway and Citrix Application Delivery Controller