case reports

Reports

These case reports give you insight into the kinds of vulnerabilities we found, the numbers and how we helped to fix them. If you want to be informed on our current research projects, check the CSIRT page.


Report DIVD-2021-00004 - Leaked Phishing Credentials

7 June, 2021, by Célistine Oosting

an external researcher not tied to the DIVD informed us about leaked phishing credentials, the DIVD/DIVD CSIRT informed the victims of the phishing campaign after obtaining the information

Read more


Report DIVD-2021-00003- Facebook Leak

20 May, 2021, by Chris van ‘t Hof

This is actually a non-report, but it demonstrates where we draw the boundaries on what we can and cannot do according to our code of conduct.

Read more


Report DIVD-2020-00013 - Leaked Phishing Credentials

1 July, 2021, by Joris van de Vis

an external researcher not tied to the DIVD informed us about leaked phishing credentials, the DIVD/DIVD CSIRT informed the victims of the phishing campaign after obtaining the information

Read more


Report DIVD-2020-00012 - Scanning 49,577 Vulnerable Fortinet VPN Devices

12 May 2021, by Jeroen van de Weerd

A total of 34,831 notifications were sent to companies and agencies with vulnerable Fortinet VPN devices. We received some positive responses.

Read more


Report DIVD-2020-00010 - wpDiscuz Plugin Remote Code

12 May 2021, by Jeroen van de Weerd

DIVD researchers identified vulnerable wpDiscuz installations in the Netherlands and notified the system administrators.

Read more


Report DIVD-2020-00009 - Pulse Secure VPN enterprise Leak

11 May 2021, by Jeroen van de Weerd

A list of usernames and IP addresses of more than 900 Pulse Secure VPN enterprise servers was leaked online. Security researchers forwarded this list to DIVD who notified the victims.

Read more


2020-00008-313 000 Wordpress sites scanned

08 April 2021, by Jeroen van de Weerd

DIVD received a list with all the Wordpress websites in the .nl space, 313 000 sites were scanned for vulnerabilities. Two different vulnerabilities were reported on.

Read more


Report DIVD-2020-00007 Citrix ShareFile

31st June 2021, by Jeroen van de Weerd

On May 5, 2020, Citrix released a security advisory for the Citrix ShareFile product. The vulnerabilities allow an attacker to potentially compromise the storage zone controller and gain access to sensitive ShareFile documents and folders.

Read more


2020-00006-SMBv3

08 April 2021, by Jeroen van de Weerd

A buffer overflow vulnerability in Kernel Address Space could be exploited with a specially crafted compressed file. DIVD warned that there was a serious threat, a worldwide scan showed there were 62.000 IP addresses with SMBv3.1.1. running and compression enabled. Microsoft published a patch, after the patch was released, it was not possible anymore to find vulnerable systems only by scanning, so no additional scans were performed.

Read more


Report DIVD-2020-00005– Apache Tomcat AJP

14 July, 2021, by Gerard Janssen

A vulnerability was found in Apache Tomcat, nicknamed Ghostcat. The DIVD scanned the web for vulnerable systems and shared this information through non-public CERT channels.

Read more


2020-00004-Mirai Botnet Infections

25 January 2021, by Jeroen van de Weerd

On 20-01-2020, DIVD CSIRT received a list of IP addresses, usernames and passwords belonging to systems that may have been part of the Mirai botnet. We informed the affected users. After receiving no response, no further action was taken.

Read more


2020-00003-Bluegate

29 January 2021, by Gerard Janssen

Microsoft published two patches for a vulnerability in Windows Remote Desktop Gateway. Microsoft researchers discovered that the RD Gateway had two memory corruption vulnerabilities (CVE-2020-0609 and CVE-2020-0610). DIVD found about 1.137 vulnerable Dutch systems and reported to the owners how to fix these.

Read more


2020-00002-Wildcard certificates on Citrix

11 November 2020, by Jeroen van de Weerd

Further analysis of the data on the Citrix vunerability showed that more than 450 of the 700 identified vulnerable Citrix systems were using so-called wildcard certificates, which are TLS certificates that are valid for all subdomains within a domain.

Read more


2020-00001-Citrix

13 March 2020, by Chris van ‘t Hof

On December 17th Citrix published a vulnerability in Citrix Application Delivery Controller (ADC) products. These products are also known as NetScaler ADC, Citrix Gateway en Netscaler Gateway. Exploitation of the vulnerability allows an attack to execute arbirary command’s on these servers. DIVDs Security Hotline scaned the Dutch IP range and reported to the owners.

Read more