Merge pull request #870 from DIVD-NL/global-ngos

global ngos

_cases/2024/DIVD-2024-00004.md

@@ -33,6 +33,18 @@ timeline:
 - start: 2023-10-04
   end:
   event: "Case started"
+- start: 2024-03-01
+  end:
+  event: "Discovery of NGOs and their domains started."
+- start: 2024-09-30
+  end:
+  event: "Roughly 56.000 candidate NGOs found for scanning, continuing discovery."
+- start: 2024-11-04
+  end: 
+  event: "Vulnerability scanning has started on a first set of organisations."
+- start: 2024-11-20
+  end:
+  event: "Proceeding with first round of vulnerability notifications."
 ---
 
 ## Summary

_cases/2024/DIVD-2024-00045.md

@@ -3,7 +3,7 @@ layout: case
 title: "SysAid ITSM SQL Injection vulnerability" 
 author: Max van der Horst
 lead: Max van der Horst
-excerpt: "In May 2024, a SQL Injection vulnerability has been discovered in SysAid ITSM that has been reported to be actively exploited as recent as October 2024. Exploitation can result in unauthorized access to your ITSM system." 
+excerpt: "In March 2024, a SQL Injection vulnerability has been discovered in SysAid ITSM that has been reported to be actively exploited as recent as October 2024. Exploitation can result in unauthorized access to your ITSM system." 
 researchers: 
 - Max van der Horst
 cves:
@@ -34,8 +34,8 @@ timeline:
 ---
 
 ## Summary 
+DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in March 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system.
 
-DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in May 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system.
 
 ## Recommendation