Frank Breedijk

Role: Manager DIVD CSIRT
Department: Institute

Manager and initiator of the DIVD CSIRT, previous know as Dutch Security Hotline. In daily live he is the CISO of Schuberg Philis

Social media

Icon - Seccubus
Icon - Frank Breedijk

Articles / cases / cves

Blog posts

• 14 February 2022 - Dutch Security Information Clearinghouse started
• 01 February 2022 - DIVD is a CVE Numbering Authority

CSIRT Cases

• DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE
• DIVD-2022-00014 - GreyNoise's Ukraine only list
• DIVD-2022-00009 - SolarMan backend administrator account/password
• DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution
• DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw
• DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure
• DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE
• DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
• DIVD-2021-00014 - Kaseya Unitrends
• DIVD-2021-00012 - Warehouse Botnet
• DIVD-2021-00011 - Kaseya VSA Disclosure
• DIVD-2021-00002 - Kaseya VSA
• DIVD-2021-00001 - Microsoft on-prem Exchange Servers
• DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials
• DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices
• DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR
• DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution
• DIVD-2020-00009 - Pulse Secure VPN enterprise Leak
• DIVD-2020-00008 - 313 000 Wordpress sites scanned
• DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability
• DIVD-2020-00002 - Wildcard certificaten Citrix ADC
• DIVD-2020-00001 - Citrix ADC

CVEs contributed to

• CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
• CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
• CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
• CVE-2021-26474 - UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS
• CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
• CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
• CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
• CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
• CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
• CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
• CVE-2021-40385 - Privilege escalation from read-only to administrator in web interface of UniTrends Server < v10.5.5-2
• CVE-2021-40386 - Undisclosed critical vulnerability in Unitrends Client, currently unpatched
• CVE-2021-40387 - Authenticated Remote Code Execution in UniTrends Server < v10.5.5-2
• CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
• CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
• CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
• CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010

CSIRT blog posts

• 15 August 2022 - Closing GeyNoise Ukraine Only case
• 08 June 2022 - ITarian critical vulnerabilities
• 03 June 2022 - Confluence 0-day
• 04 April 2022 - Kaseya Full Disclosure
• 01 February 2022 - DIVD is a CVE Numbering Authority
• 27 November 2021 - NMAP script for GitLab CVE-2021-22205
• 26 August 2021 - Exchange ProxyShell and ProxyOracle
• 26 August 2021 - Kaseya Unitrends update
• 25 August 2021 - Vembu BDR Full Disclosure
• 20 August 2021 - Social media consolidation
• 20 August 2021 - Planned Vembu Full Disclosure
• 07 July 2021 - Kaseya VSA Limited Disclosure
• 14 May 2021 - Closing ProxyLogon case / Case ProxyLogon gesloten
• 16 March 2021 - Additionele exchange scan script/additional exchange scan script
• 03 March 2021 - Actief misbruik Exchange Zero-day / Active abuse Exchange Zero-day
• 01 January 2021 - Phising slachtoffer notificatie / Victim notification phishing
• 07 August 2020 - wpDiscuz kwetsbaarheid maakt het mogelijk systeem over te nemen / wpDiscuz vulnerability allows system takeover
• 05 August 2020 - Datadump met informatie over vermoedelijk gehackte PulseVPN systemen gelekt / Datadump with information on hacked PulseVPN systems leaked
• 28 May 2020 - Ernstige lek in Citrix ShareFile storage server / Critical vulnerability in Citrix ShareFile storage server
• 12 March 2020 - Mircosoft repareert lek in SMB v3 / Microsoft patches vulnerability in SMB v3
• 12 March 2020 - Ernstig ongepatched lek in SMB v3 / Critical unpatched vulnerability in SMB v3
• 15 February 2020 - Citrix talk en demo bij Hackerhotel / Citrix talk and demo at Hackerhotel
• 05 February 2020 - Wederom Citrix meldingen / Citrix notifications again
• 29 January 2020 - BlueGate patch restart?
• 26 January 2020 - DIVD Call For Volunteers
• 22 January 2020 - Wildcard certificaten aangetroffen op veel kwetsbare Citrix ADC systemen / Lots of vulnerable Citrix ADCs used wildcard certificates
• 19 January 2020 - Eerste Citrix patches beschikbaar, andere patches sneller / First Citrix patches available, other patches available sooner
• 17 January 2020 - We gaan weer door met scannen en melden ! / We have resumed scanning and notifying !
• 16 January 2020 - Citrix mitigatie blijkt niet betrouwbaar / Citrix mitigation turns out to be unreliable
• 15 January 2020 - Controles voor de Citrix ADC compromittatie / Checks to see if your Citrix ADC is compromised
• 13 January 2020 - Wijd verspreide kwetsbaarheid in Citrix Gateway en Citrix Application Delivery Controller