DIVD-2024-00004 - 2024-00004 Global NGOs

Our reference	DIVD-2024-00004
Case lead	Tabitha Vogelaar
Author	Victor Gevers
Researcher(s)	Alwin Warringa Anje Knottnerus Barre Dijkstra Bartlomiej Lizak Emirhan Baser Inanc Yigit Joost Grunwald Joris Cras Kees van Poeijer Lennaert Oudshoorn Luc Groot Landeweer Max van der Horst Raymond Zwarts Serena de Pater Victor Pasman Winko Erades van den Berg
CVE(s)	n/a
Product	n/a
Versions	any
Recommendation	If you received a notification of a vulnerability, patch your system with the information provided in this notification.
Status	Open
Last modified	11 Dec 2024 20:50 CET

Summary

This initiative focuses on identifying and addressing vulnerabilities in the publicly accessible assets of NGOs.

Recommendations

After receiving a notification, it is very important that the vulnerability outlined in the correspondence is promptly addressed and remediated. The notification will provide detailed information, including the specific location and a comprehensive description of the identified vulnerability.

Please do not hesitate to reply to this email if you have any questions or need help with the mitigation process. Our team can readily offer support and guidance to ensure the vulnerability is effectively resolved.

What we are doing

The Dutch Institute for Vulnerability Disclosure (DIVD) has been proactively identifying and assessing non-governmental organizations (NGOs) for potential security vulnerabilities. Our team conducts thorough scans to detect any known weaknesses within these entities. Upon identifying vulnerabilities, we promptly notify and inform the affected organizations.

These notifications are dispatched in multiple phases. The initial phase is in collaboration with Cyber Peace Institute, The Hague Humanity Hub and the The Hague Municipality and is focused on securing NGOs within The Hague. After this collaboration ends, DIVD will continue to scan the rest of the world for vulnerable assets of NGOs to notify and inform them of any vulnerabilities that are found.

Timeline

Date	Description
04 Oct 2023	Case started
01 Mar 2024	Discovery of NGOs and their domains started.
30 Sep 2024	Roughly 56.000 candidate NGOs found for scanning, continuing discovery.
04 Nov 2024	Vulnerability scanning has started on a first set of organisations.
20 Nov 2024	Proceeding with first round of vulnerability notifications.

gantt title DIVD-2024-00004 - 2024-00004 Global NGOs dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2024-00004 - 2024-00004 Global NGOs (still open) :2023-10-04, 2024-12-24 section Events Case started : milestone, 2023-10-04, 0d Discovery of NGOs and their domains started. : milestone, 2024-03-01, 0d Roughly 56.000 candidate NGOs found for scanning, continuing discovery. : milestone, 2024-09-30, 0d Vulnerability scanning has started on a first set of organisations. : milestone, 2024-11-04, 0d Proceeding with first round of vulnerability notifications. : milestone, 2024-11-20, 0d

More information

Free cybersecurity support program for 200 humanitarian NGOs in The Hague.