
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections Max van der Horst

Status: Open
Post-Log4J Open Database Instances used for C2 and Monero Miner Infections.


DIVD-2022-00002 - Grafana Tom Wolters

Status: Open
Unauthenticated Directory Traversal vulnerability in Grafana - CVE-2021-43798


DIVD-2021-00039 - HP iLO Patrick Hulshof

Status: Open
We will be scanning for open-iLO ports


DIVD-2021-00038 - Apache Log4j2 Victor Pasman

Status: Open
We will be scanning for CVE-2021-44228



DIVD-2021-00033 - Sites with Potential SQL-Injection Célistine Oosting

Status: Open
We obtained a list with sites potentially vulnerable to SQL-Injection


DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw Jeroen van de Weerd

Status: Open
We will be scanning for CVE-2021-22205



DIVD-2021-00026 - Omigod: Microsoft Open Management Interface RCE Célistine Oosting

Status: Closed
Omigod vulnerabilities make it possible to execute remote code via Microsoft Open Management Interface (OMI). This service is installed automatically on machines running certain Azure services (either on premises or in the cloud).

DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle Frank Breedijk

Status: Open
We will be scanning for the vulnerabilities related to the ProxyShell and ProxyOracle attacks against Microsoft Exchange.


DIVD-2021-00017 – SolarWinds N-able N-central agent vulnerabilities Hidde Smit

Status: Closed
Vulnerabilities discovered affect multi-tenant environments.


DIVD-2021-00015 - Telegram OD Victor Gevers

Status: Open
One of our researchers has discovered a Telegram group that shares millions of usernames and passwords that criminals have stolen from their victims.


DIVD-2021-00014 - Kaseya Unitrends Victor Gevers

Status: Open
Users of on-premise Kaseya Unitrends are advised to not expose this service directly to the internet


DIVD-2021-00012 - Warehouse Botnet Frank Breedijk

Status: Open
One of our researchers has discovered a database full of usernames and passwords that criminals have stolen from their victims.

DIVD-2021-00011 - Kaseya VSA Limited Disclosure Lennaert Oudshoorn

Status: Open
Wietse Boonstra found multiple vulnerabilities in Kaseya VSA; this casefile details the disclosure process.

DIVD-2021-00010 - vCenter Server PreAuth RCE Hidde Smit

Status: Closed
A critical vulnerability has been found in VMware vCenter Server versions 3.x, 4.x, 6.5, 6.7 and 7.0.


DIVD-2021-00007 - EA Origin XSS and RCE 1-click Hidde Smit

Status: Closed
Origin users are advised to update Origin client to the latest version


DIVD-2021-00006 - SmarterMail Victor Pasman

Status: Closed
Multiple vulnerabilities discovered in all versions of 16.x of Smartertools SmarterMail and all versions before 100.0.7803 (May 13, 2021)


DIVD-2021-00005 - Pulse Secure PreAuth RCE Matthijs Koot

Status: Closed
Critical vulnerabilities have been found in Pulse Secure Connect versions >=9.0R3 and <9.1R11.4.

DIVD-2021-00004 - Leaked phishing credentials Lennaert Oudshoorn, Célistine Oosting

Status: Closed
DIVD has received a list of credentials obtained through phishing from a security researcher.

DIVD-2021-00002 - Kaseya VSA Victor Gevers, Lennaert Oudshoorn

Status: Closed
Users of on-premise Kaseya VSA are advised to disable their Kaseya VSA servers.


DIVD-2021-00001 - Microsoft on-prem Exchange Servers Lennaert Oudshoorn

Status: Closed
Microsoft has detected multiple 0-day exploits that are actively being used in attacks against on-premises versions of Microsoft Exchange Server.

DIVD-2020-00014 - SolarWinds Orion Lennaert Oudshoorn

Status: Closed
An authentication bypass could allow attackers to execute API commands, which may result in a compromise of the system.

DIVD-2020-00013 - Leaked phishing credentials Frank Breedijk

Status: Closed
DIVD has received a list of credentials obtained through phishing from a partner.

DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices Lennaert Oudshoorn

Status: Open
A list of 49 577 vulnerable Fortinet VPN devices was found online; login credentials could potentially be exposed.

DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR Frank Breedijk

Status: Open
DIVD researcher Wietse Boonstra has discovered four critical vulnerabilities in Vembu BDR; patches are available.

DIVD-2020-00010 - wpDiscuz plugin Remote Code Execution Frank Breedijk

Status: Closed
The WordPress plugin wpDiscuz has a critical vulnerability that allows an attacker to take over the system.

DIVD-2020-00009 - Pulse Secure VPN enterprise Leak Lennaert Oudshoorn

Status: Closed
A data dump with information on over 900 compromised Pulse Secure VPN enterprise servers has been released.

DIVD-2020-00008 - 313 000 Wordpress sites scanned Lennaert Oudshoorn

Status: Closed
DIVD researchers scanned 313 000 WordPress websites with .NL domains; vulnerability notifications are being sent as results are processed.

DIVD-2020-00007 - Citrix ShareFile Lennaert Oudshoorn

Status: Closed
A vulnerability in Citrix ShareFile has been discovered; it can be used by an attacker to potentially gain access to sensitive data.

DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption Sander Spierenburg

Status: Closed
The Security hotline is asking for your attention to a vulnerability in SMBv3 and is going to warn network operators of Dutch IPs that respond to SMBv3 handshakes and have encryption enabled.

DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability Jeroen van de Weerd

Status: Closed
773 Dutch IP addresses vulnerable to Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability

DIVD-2020-00004 - List of Mirai botnet victims published with credentials Sander Spierenburg

Status: Closed
A list of Mirai botnet victims has been published, exposing a total of 500K+ systems.

DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE Barry van Kampen

Status: Case Closed
16 000 vulnerable Microsoft RDP Gateway systems online

DIVD-2020-00002 - Wildcard certificates Citrix ADC Frank Breedijk

Status: Case Closed
We have found over 450 vulnerable Citrix ADC systems that used wildcard certificates.

DIVD-2020-00001 - Citrix ADC Frank Breedijk

Status: Closed
Our current status around CVE-2019-19781

gantt
    title Cases in 2022
    dateFormat YYYY-MM-DD
    axisFormat %e %b %Y
    30 Apr 2021 - DIVD-2021-00006 - SmarterMail (258 days) :2022-01-01, 2022-01-13
    2 Jul 2021 - DIVD-2021-00014 - Kaseya Unitrends (open) :2022-01-01, 2023-01-01
    10 Jun 2021 - DIVD-2021-00015 - Telegram OD (open) :2022-01-01, 2023-01-01
    30 Aug 2021 - DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle (open) :2022-01-01, 2023-01-01
    1 Nov 2021 - DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw (open) :2022-01-01, 2023-01-01
    16 Nov 2021 - DIVD-2021-00033 - Sites with Potential SQL-Injection (open) :2022-01-01, 2023-01-01
    3 Dec 2021 - DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability (40 days) :2022-01-01, 2022-01-12
    9 Dec 2021 - DIVD-2021-00038 - Apache Log4j2 (open) :2022-01-01, 2023-01-01
    31 Dec 2021 - DIVD-2021-00039 - HP iLO (open) :2022-01-01, 2023-01-01
    7 Dec 2021 - DIVD-2022-00002 - Grafana (open) :2022-01-01, 2023-01-01
    7 Dec 2021 - DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections (open) :2022-01-13, 2023-01-01

gantt
    title Cases in 2021
    dateFormat YYYY-MM-DD
    axisFormat %e %b %Y
    26 Oct 2020 - DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR (197 days) :2021-01-01, 2021-05-11
    26 Oct 2020 - DIVD-2021-00001 - Microsoft on-prem Exchange Servers (73 days) :2021-03-03, 2021-05-15
    26 Oct 2020 - DIVD-2021-00002 - Kaseya VSA (99 days) :2021-04-01, 2021-07-09
    26 Oct 2020 - DIVD-2021-00004 - Gelekte phishing gegevens / Leaked phishing credentials (3 days) :2021-05-07, 2021-05-10
    26 Oct 2020 - DIVD-2021-00005 - Pulse Secure PreAuth RCE (102 days) :2021-04-21, 2021-08-01
    26 Oct 2020 - DIVD-2021-00006 - SmarterMail (258 days) 13 Jan 2022 - :2021-04-30, 2022-01-01
    26 Oct 2020 - DIVD-2021-00007 - EA Origin XSS and RCE 1-click (83 days) :2021-04-21, 2021-07-13
    26 Oct 2020 - DIVD-2021-00010 - vCenter Server PreAuth RCE (184 days) :2021-05-30, 2021-11-30
    26 Oct 2020 - DIVD-2021-00011 - Kaseya VSA Limited Disclosure (97 days) :2021-04-01, 2021-07-07
    26 Oct 2020 - DIVD-2021-00012 - Warehouse Botnet (15 days) :2021-05-20, 2021-06-04
    26 Oct 2020 - DIVD-2021-00014 - Kaseya Unitrends (open) :2021-07-02, 2022-01-01
    26 Oct 2020 - DIVD-2021-00015 - Telegram OD (open) :2021-06-10, 2022-01-01
    26 Oct 2020 - DIVD-2021-00017 – SolarWinds N-able N-central agent vulnerabilities (81 days) :2021-07-05, 2021-09-24
    26 Oct 2020 - DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle (open) :2021-08-30, 2022-01-01
    26 Oct 2020 - DIVD-2021-00026 - Omigod Microsoft Open Management Interface RCE (70 days) :2021-09-15, 2021-11-24
    26 Oct 2020 - DIVD-2021-00027 - Apache HTTP 2.4.49 Path Traversal and File Disclosure (57 days) :2021-10-05, 2021-12-01
    26 Oct 2020 - DIVD-2021-00030 - GitLab Unauthenticated RCE Flaw (open) :2021-11-01, 2022-01-01
    26 Oct 2020 - DIVD-2021-00033 - Sites with Potential SQL-Injection (open) :2021-11-16, 2022-01-01
    26 Oct 2020 - DIVD-2021-00036 - VMware vCenter Server arbitrary file read vulnerability (40 days) 12 Jan 2022 - :2021-12-03, 2022-01-01
    26 Oct 2020 - DIVD-2021-00038 - Apache Log4j2 (open) :2021-12-09, 2022-01-01
    26 Oct 2020 - DIVD-2021-00039 - HP iLO (open) :2021-12-31, 2022-01-01
    26 Oct 2020 - DIVD-2022-00002 - Grafana (open) :2021-12-07, 2022-01-01

gantt
    title Cases in 2020
    dateFormat YYYY-MM-DD
    axisFormat %e %b %Y
    26 Oct 2020 - DIVD-2020-00001 - Citrix ADC (56 days) :2020-01-13, 2020-03-09
    26 Oct 2020 - DIVD-2020-00002 - Wildcard certificaten Citrix ADC (13 days) :2020-01-09, 2020-01-22
    26 Oct 2020 - DIVD-2020-00003 - Microsoft RDP Gateway vulnerable for Bluegate RCE (42 days) :2020-01-27, 2020-03-09
    26 Oct 2020 - DIVD-2020-00004 - List of Mirai botnet victims published with credentials (18 days) :2020-01-20, 2020-02-07
    26 Oct 2020 - DIVD-2020-00005 - Apache Tomcat AJP File Read/Inclusion Vulnerability (285 days) :2020-02-22, 2020-12-03
    26 Oct 2020 - DIVD-2020-00006 - SMBv3 Server Compression Transform Header Memory Corruption (268 days) :2020-03-10, 2020-12-03
    26 Oct 2020 - DIVD-2020-00007 - Citrix ShareFile (28 days) :2020-05-26, 2020-06-23
    26 Oct 2020 - DIVD-2020-00008 - 313 000 Wordpress sites scanned (20 days) :2020-11-10, 2020-11-30
    26 Oct 2020 - DIVD-2020-00009 - Pulse Secure VPN enterprise Leak (120 days) :2020-08-05, 2020-12-03
    26 Oct 2020 - DIVD-2020-00010 - wpDiscuz plugin Remote Code Excution (121 days) :2020-08-04, 2020-12-03
    26 Oct 2020 - DIVD-2020-00011 - Four critical vulnerabilities in Vembu BDR (197 days) 11 May 2021 - :2020-10-26, 2021-01-01
    26 Oct 2020 - DIVD-2020-00012 - 49 000 vulnerable Fortinet VPN devices (11 days) :2020-11-22, 2020-12-03
    26 Oct 2020 - DIVD-2020-00013 - Gelekte phishing wachtwoorden / Leaked phishing credentials (11 days) :2020-12-20, 2020-12-31
    26 Oct 2020 - DIVD-2020-00014 - SolarWinds Orion (2 days) :2020-12-28, 2020-12-30