diff --git a/.eslintrc.js b/.eslintrc.js
index 5dd4e0f2..89f7810a 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -7,6 +7,8 @@ module.exports = {
rules: {
'no-console': 'off',
'comma-dangle': 'off',
- 'max-len': 'off'
- }
+ 'max-len': 'off',
+ indent: 'off',
+ },
+ ignorePatterns: ['node_modules/', 'dist/', 'public/', 'static/'],
};
diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml
index 5ef244ba..213cc35f 100644
--- a/.github/workflows/build_pages_native.yml
+++ b/.github/workflows/build_pages_native.yml
@@ -1,6 +1,6 @@
name: build_test_deploy
run-name: Build and test website (and deploy if needed)
-on:
+on:
push:
branches:
- main
@@ -20,38 +20,39 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: 20
- cache: 'npm'
+ cache: "npm"
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
with:
hugo-version: '0.139.4' # See https://github.com/gohugoio/hugo/issues/13150
extended: true
- name: Build
- run: |
- npm install
- npm run gen-people
- npm run gen-teams
- npm run update-stats
- hugo --minify
- npm run postbuild
-# - name: Test HTML code
-# uses: Cyb3r-Jak3/html5validator-action@v7.2.0
-# with:
-# root: public
-# - name: Upload HTML test report
-# uses: actions/upload-artifact@v3
-# if: success() || failure() # Run even if we had an error
-# with:
-# name: html5validator_log
-# path: log.log
+ run: |
+ npm install
+ npm run gen-people
+ npm run gen-teams
+ npm run update-stats
+ npm run cms-build
+ hugo --minify
+ npm run postbuild
+ # - name: Test HTML code
+ # uses: Cyb3r-Jak3/html5validator-action@v7.2.0
+ # with:
+ # root: public
+ # - name: Upload HTML test report
+ # uses: actions/upload-artifact@v3
+ # if: success() || failure() # Run even if we had an error
+ # with:
+ # name: html5validator_log
+ # path: log.log
- name: Modify .htacess for staging
- if: ${{ github.ref == 'refs/heads/staging' }}
+ if: ${{ github.ref == 'refs/heads/staging' }}
run: |
- sed -i 's#www\.divd#staging.divd#' public/.htaccess
- sed -i 's#\-2024#-staging#g' public/.htaccess
+ sed -i 's#www\.divd#staging.divd#' public/.htaccess
+ sed -i 's#\-2024#-staging#g' public/.htaccess
- name: rsync deploy staging
uses: burnett01/rsync-deployments@5.2.1
- if: ${{ github.ref == 'refs/heads/staging' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
+ if: ${{ github.ref == 'refs/heads/staging' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
with:
switches: -avzr --delete
path: public/
@@ -61,7 +62,7 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
- name: rsync deploy production
uses: burnett01/rsync-deployments@5.2.1
- if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
+ if: ${{ github.ref == 'refs/heads/main' }} # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
with:
switches: -avzr --delete
path: public/
@@ -71,6 +72,6 @@ jobs:
remote_key: ${{ secrets.DEPLOY_KEY }}
- name: Deploy GitHub pages
uses: JamesIves/github-pages-deploy-action@v4
- if: ( ${{ github.ref == 'refs/heads/main' }} || ${{ github.ref == 'refs/heads/staging' }} ) # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
+ if: ( ${{ github.ref == 'refs/heads/main' }} || ${{ github.ref == 'refs/heads/staging' }} ) # && ( success() || failure() ) # Remove the && clause when a HTML check is flawless
with:
- folder: admin # The folder the action should deploy.
\ No newline at end of file
+ folder: admin # The folder the action should deploy.
diff --git a/.github/workflows/build_pages_no_push.yml b/.github/workflows/build_pages_no_push.yml
index 1f0c1b1e..4f2b9d10 100644
--- a/.github/workflows/build_pages_no_push.yml
+++ b/.github/workflows/build_pages_no_push.yml
@@ -1,39 +1,40 @@
name: build_and_test_no_deploy
run-name: Build and test website, but not deploy
on:
- pull_request:
+ pull_request:
jobs:
- build_and_test_no_deploy:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
- - name: Setup Node
- uses: actions/setup-node@v4
- with:
- node-version: 20
- cache: 'npm'
- - name: Setup Hugo
- uses: peaceiris/actions-hugo@v2
- with:
- hugo-version: '0.139.4' # See https://github.com/gohugoio/hugo/issues/13150
- extended: true
- - name: Build
- run: |
- npm install
- npm run gen-people
- npm run gen-teams
- npm run update-stats
- hugo --minify
- npm run postbuild
- # - name: Test HTML code
- # uses: Cyb3r-Jak3/html5validator-action@v7.2.0
- # with:
- # root: public
- # - name: Upload HTML test report
- # uses: actions/upload-artifact@v3
- # if: success() || failure() # Run even if we had an error
- # with:
- # name: html5validator_log
- # path: log.log
\ No newline at end of file
+ build_and_test_no_deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+ - name: Setup Hugo
+ uses: peaceiris/actions-hugo@v2
+ with:
+ hugo-version: '0.139.4' # See https://github.com/gohugoio/hugo/issues/13150
+ extended: true
+ - name: Build
+ run: |
+ npm install
+ npm run gen-people
+ npm run gen-teams
+ npm run update-stats
+ npm run cms-build
+ hugo --minify
+ npm run postbuild
+ # - name: Test HTML code
+ # uses: Cyb3r-Jak3/html5validator-action@v7.2.0
+ # with:
+ # root: public
+ # - name: Upload HTML test report
+ # uses: actions/upload-artifact@v3
+ # if: success() || failure() # Run even if we had an error
+ # with:
+ # name: html5validator_log
+ # path: log.log
diff --git a/.gitignore b/.gitignore
index 49eecb95..338c513f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@
public
resources
out
+dist
# Package dependencies
node_modules/
diff --git a/.prettierrc b/.prettierrc
index fd30b437..af7517e1 100644
--- a/.prettierrc
+++ b/.prettierrc
@@ -4,7 +4,6 @@
"files": ["*.html"],
"options": {
"parser": "go-template",
- "goTemplateBracketSpacing": true,
"bracketSameLine": true
}
},
@@ -15,5 +14,6 @@
"singleQuote": true
}
}
- ]
+ ],
+ "plugins": ["prettier-plugin-go-template"]
}
diff --git a/README.md b/README.md
index 9ddcc1c4..0a2006aa 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
# DIVD website
-If you notice anything that might need improvement or is just not working for you, let us know. Feel free to give feedback by sumbitting an issue. Bonuspoints for a detailled description and screenshots if possible.
+If you notice anything that might need improvement or is just not working for you, let us know. Feel free to give feedback by sumbitting an issue. Bonuspoints for a detailled description and screenshots if possible.
# Chocolate Requests
-A pull request is like a box of chocolate...
-The first 10 pull requests that genuinely improve the website will receive a box of chocolates. Pull requests related to spelling or typographical errors do not count. We all like a challenge right?
+A pull request is like a box of chocolate...
+The first 10 pull requests that genuinely improve the website will receive a box of chocolates. Pull requests related to spelling or typographical errors do not count. We all like a challenge right?
# Prerequisites
@@ -42,14 +42,7 @@ npm run gen-teams
## Local admin
```sh
-just admin
-open http://localhost:8000
-just admin-stop #when done
-
-# equivalent to:
-
-npx decap-server
-python3 -m http.server --directory ./admin/development
+npm run cms
```
## Test production version
diff --git a/admin/config.yml b/admin/config.yml
index b5cbd2af..300a80e4 100644
--- a/admin/config.yml
+++ b/admin/config.yml
@@ -76,7 +76,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t1_alt,
@@ -92,7 +92,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t2_alt,
@@ -108,7 +108,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t3_alt,
@@ -171,7 +171,12 @@ collections:
widget: list
i18n: true
fields:
- - { label: "heading", name: "heading", widget: "string", i18n: true }
+ - {
+ label: "heading",
+ name: "heading",
+ widget: "string",
+ i18n: true,
+ }
- {
label: "FAQs",
name: "faqs",
@@ -494,7 +499,12 @@ collections:
slug: "{{slug}}"
fields:
- { label: "Title", name: "title", widget: "string", i18n: true }
- - { label: "Publish Date", name: "date", widget: "datetime", format: "YYYY-MM-DDTHH:mm:ssZ" }
+ - {
+ label: "Publish Date",
+ name: "date",
+ widget: "datetime",
+ format: "YYYY-MM-DDTHH:mm:ssZ",
+ }
- label: "Author(s)"
name: "author"
widget: "relation"
@@ -593,80 +603,92 @@ collections:
],
}
- { label: "Body", name: "body", widget: "markdown", i18n: true }
- - { label: "Enable FAQ", name: "faq_enabled", widget: "boolean", default: false }
+ - {
+ label: "Enable FAQ",
+ name: "faq_enabled",
+ widget: "boolean",
+ default: false,
+ }
- {
label: "FAQ",
required: false,
name: "faq",
widget: "object",
collapsed: true,
- fields: [
- {
- label: "FAQ Title",
- name: "title",
- widget: "string",
- default: "faq",
- required: false,
- i18n: true
- },
- {
- label: "FAQ Opener",
- name: "opener",
- widget: "string",
- required: false,
- i18n: true
- },
- {
- label: "FAQ Intro",
- name: "intro",
- widget: "text",
- required: false,
- i18n: true
- },
- {
- label: "FAQ 'All FAQ' Url",
- name: "url",
- widget: "string",
- required: false,
- i18n: true
- },
- {
- label: "FAQ groups",
- name: "faqgroups",
- widget: list,
- i18n: true,
- required: false,
- fields:
- [
- { label: "heading", name: "heading", widget: "string", required: false, i18n: true },
- {
- label: "FAQs",
- name: "faqs",
- widget: list,
- i18n: true,
- required: false,
- fields:
- [
- {
- label: "Title",
- name: "title",
- widget: "string",
- required: false,
- i18n: true,
- },
- {
- label: "Description",
- name: "description",
- widget: "markdown",
- required: false,
- i18n: true,
- },
- ],
- }
- ]
- }
- ]
- }
+ fields:
+ [
+ {
+ label: "FAQ Title",
+ name: "title",
+ widget: "string",
+ default: "faq",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ Opener",
+ name: "opener",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ Intro",
+ name: "intro",
+ widget: "text",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ 'All FAQ' Url",
+ name: "url",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ groups",
+ name: "faqgroups",
+ widget: list,
+ i18n: true,
+ required: false,
+ fields:
+ [
+ {
+ label: "heading",
+ name: "heading",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQs",
+ name: "faqs",
+ widget: list,
+ i18n: true,
+ required: false,
+ fields:
+ [
+ {
+ label: "Title",
+ name: "title",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "Description",
+ name: "description",
+ widget: "markdown",
+ required: false,
+ i18n: true,
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ }
######################################
# SECTION: Contribute
@@ -829,7 +851,12 @@ collections:
name: "donations"
widget: "list"
fields:
- - { label: "Date", name: "date", widget: "datetime", format: "YYYY-MM-DDTHH:mm:ssZ" }
+ - {
+ label: "Date",
+ name: "date",
+ widget: "datetime",
+ format: "YYYY-MM-DDTHH:mm:ssZ",
+ }
- label: "Amount"
name: "amount"
hint: "include currency symbol"
@@ -1057,12 +1084,7 @@ collections:
create: false
i18n: true
fields:
- - {
- label: "type",
- name: "type",
- widget: "hidden",
- value: "codeofethics",
- }
+ - { label: "type", name: "type", widget: "hidden", value: "codeofethics" }
- { label: "Title", name: "title", widget: "string", i18n: true }
- { label: "Body", name: "body", widget: "markdown", i18n: true }
@@ -1415,7 +1437,6 @@ collections:
required: false
i18n: true
-
######################################
# SECTION: Dictionary
####
diff --git a/admin/development/config-dev.yml b/admin/development/config-dev.yml
index e919d346..8ba44b90 100644
--- a/admin/development/config-dev.yml
+++ b/admin/development/config-dev.yml
@@ -76,7 +76,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t1_alt,
@@ -92,7 +92,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t2_alt,
@@ -108,7 +108,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t3_alt,
@@ -171,7 +171,12 @@ collections:
widget: list
i18n: true
fields:
- - { label: "heading", name: "heading", widget: "string", i18n: true }
+ - {
+ label: "heading",
+ name: "heading",
+ widget: "string",
+ i18n: true,
+ }
- {
label: "FAQs",
name: "faqs",
@@ -494,7 +499,12 @@ collections:
slug: "{{slug}}"
fields:
- { label: "Title", name: "title", widget: "string", i18n: true }
- - { label: "Publish Date", name: "date", widget: "datetime", format: "YYYY-MM-DDTHH:mm:ssZ" }
+ - {
+ label: "Publish Date",
+ name: "date",
+ widget: "datetime",
+ format: "YYYY-MM-DDTHH:mm:ssZ",
+ }
- label: "Author(s)"
name: "author"
widget: "relation"
@@ -593,80 +603,92 @@ collections:
],
}
- { label: "Body", name: "body", widget: "markdown", i18n: true }
- - { label: "Enable FAQ", name: "faq_enabled", widget: "boolean", default: false }
+ - {
+ label: "Enable FAQ",
+ name: "faq_enabled",
+ widget: "boolean",
+ default: false,
+ }
- {
label: "FAQ",
required: false,
name: "faq",
widget: "object",
collapsed: true,
- fields: [
- {
- label: "FAQ Title",
- name: "title",
- widget: "string",
- default: "faq",
- required: false,
- i18n: true
- },
- {
- label: "FAQ Opener",
- name: "opener",
- widget: "string",
- required: false,
- i18n: true
- },
- {
- label: "FAQ Intro",
- name: "intro",
- widget: "text",
- required: false,
- i18n: true
- },
- {
- label: "FAQ 'All FAQ' Url",
- name: "url",
- widget: "string",
- required: false,
- i18n: true
- },
- {
- label: "FAQ groups",
- name: "faqgroups",
- widget: list,
- i18n: true,
- required: false,
- fields:
- [
- { label: "heading", name: "heading", widget: "string", required: false, i18n: true },
- {
- label: "FAQs",
- name: "faqs",
- widget: list,
- i18n: true,
- required: false,
- fields:
- [
- {
- label: "Title",
- name: "title",
- widget: "string",
- required: false,
- i18n: true,
- },
- {
- label: "Description",
- name: "description",
- widget: "markdown",
- required: false,
- i18n: true,
- },
- ],
- }
- ]
- }
- ]
- }
+ fields:
+ [
+ {
+ label: "FAQ Title",
+ name: "title",
+ widget: "string",
+ default: "faq",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ Opener",
+ name: "opener",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ Intro",
+ name: "intro",
+ widget: "text",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ 'All FAQ' Url",
+ name: "url",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ groups",
+ name: "faqgroups",
+ widget: list,
+ i18n: true,
+ required: false,
+ fields:
+ [
+ {
+ label: "heading",
+ name: "heading",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQs",
+ name: "faqs",
+ widget: list,
+ i18n: true,
+ required: false,
+ fields:
+ [
+ {
+ label: "Title",
+ name: "title",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "Description",
+ name: "description",
+ widget: "markdown",
+ required: false,
+ i18n: true,
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ }
######################################
# SECTION: Contribute
@@ -829,7 +851,12 @@ collections:
name: "donations"
widget: "list"
fields:
- - { label: "Date", name: "date", widget: "datetime", format: "YYYY-MM-DDTHH:mm:ssZ" }
+ - {
+ label: "Date",
+ name: "date",
+ widget: "datetime",
+ format: "YYYY-MM-DDTHH:mm:ssZ",
+ }
- label: "Amount"
name: "amount"
hint: "include currency symbol"
@@ -1057,12 +1084,7 @@ collections:
create: false
i18n: true
fields:
- - {
- label: "type",
- name: "type",
- widget: "hidden",
- value: "codeofethics",
- }
+ - { label: "type", name: "type", widget: "hidden", value: "codeofethics" }
- { label: "Title", name: "title", widget: "string", i18n: true }
- { label: "Body", name: "body", widget: "markdown", i18n: true }
diff --git a/admin/development/index.html b/admin/development/index.html
index b1d18392..e454b341 100644
--- a/admin/development/index.html
+++ b/admin/development/index.html
@@ -1,12 +1,16 @@
-
+
DIVD Dev CMS
-
-
+
+
diff --git a/admin/index.html b/admin/index.html
index e1f2779f..b7730d65 100644
--- a/admin/index.html
+++ b/admin/index.html
@@ -1,4 +1,4 @@
-
+
@@ -11,4 +11,4 @@
-
\ No newline at end of file
+
diff --git a/admin/new-cms/.gitignore b/admin/new-cms/.gitignore
new file mode 100644
index 00000000..4433fac1
--- /dev/null
+++ b/admin/new-cms/.gitignore
@@ -0,0 +1,2 @@
+# We just want to ignore everything in this folder since Vite will build the files for us
+*
\ No newline at end of file
diff --git a/admin/staging/config-staging.yml b/admin/staging/config-staging.yml
index af0cbc75..3fdfe296 100644
--- a/admin/staging/config-staging.yml
+++ b/admin/staging/config-staging.yml
@@ -76,7 +76,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t1_alt,
@@ -92,7 +92,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t2_alt,
@@ -108,7 +108,7 @@ collections:
public_folder: "/images/",
media_folder: "/assets/images/",
required: true,
- i18n: true
+ i18n: true,
}
- {
label: t3_alt,
@@ -171,7 +171,12 @@ collections:
widget: list
i18n: true
fields:
- - { label: "heading", name: "heading", widget: "string", i18n: true }
+ - {
+ label: "heading",
+ name: "heading",
+ widget: "string",
+ i18n: true,
+ }
- {
label: "FAQs",
name: "faqs",
@@ -494,7 +499,12 @@ collections:
slug: "{{slug}}"
fields:
- { label: "Title", name: "title", widget: "string", i18n: true }
- - { label: "Publish Date", name: "date", widget: "datetime", format: "YYYY-MM-DDTHH:mm:ssZ" }
+ - {
+ label: "Publish Date",
+ name: "date",
+ widget: "datetime",
+ format: "YYYY-MM-DDTHH:mm:ssZ",
+ }
- label: "Author(s)"
name: "author"
widget: "relation"
@@ -593,80 +603,92 @@ collections:
],
}
- { label: "Body", name: "body", widget: "markdown", i18n: true }
- - { label: "Enable FAQ", name: "faq_enabled", widget: "boolean", default: false }
+ - {
+ label: "Enable FAQ",
+ name: "faq_enabled",
+ widget: "boolean",
+ default: false,
+ }
- {
label: "FAQ",
required: false,
name: "faq",
widget: "object",
collapsed: true,
- fields: [
- {
- label: "FAQ Title",
- name: "title",
- widget: "string",
- default: "faq",
- required: false,
- i18n: true
- },
- {
- label: "FAQ Opener",
- name: "opener",
- widget: "string",
- required: false,
- i18n: true
- },
- {
- label: "FAQ Intro",
- name: "intro",
- widget: "text",
- required: false,
- i18n: true
- },
- {
- label: "FAQ 'All FAQ' Url",
- name: "url",
- widget: "string",
- required: false,
- i18n: true
- },
- {
- label: "FAQ groups",
- name: "faqgroups",
- widget: list,
- i18n: true,
- required: false,
- fields:
- [
- { label: "heading", name: "heading", widget: "string", required: false, i18n: true },
- {
- label: "FAQs",
- name: "faqs",
- widget: list,
- i18n: true,
- required: false,
- fields:
- [
- {
- label: "Title",
- name: "title",
- widget: "string",
- required: false,
- i18n: true,
- },
- {
- label: "Description",
- name: "description",
- widget: "markdown",
- required: false,
- i18n: true,
- },
- ],
- }
- ]
- }
- ]
- }
+ fields:
+ [
+ {
+ label: "FAQ Title",
+ name: "title",
+ widget: "string",
+ default: "faq",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ Opener",
+ name: "opener",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ Intro",
+ name: "intro",
+ widget: "text",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ 'All FAQ' Url",
+ name: "url",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQ groups",
+ name: "faqgroups",
+ widget: list,
+ i18n: true,
+ required: false,
+ fields:
+ [
+ {
+ label: "heading",
+ name: "heading",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "FAQs",
+ name: "faqs",
+ widget: list,
+ i18n: true,
+ required: false,
+ fields:
+ [
+ {
+ label: "Title",
+ name: "title",
+ widget: "string",
+ required: false,
+ i18n: true,
+ },
+ {
+ label: "Description",
+ name: "description",
+ widget: "markdown",
+ required: false,
+ i18n: true,
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ }
######################################
# SECTION: Contribute
@@ -829,7 +851,12 @@ collections:
name: "donations"
widget: "list"
fields:
- - { label: "Date", name: "date", widget: "datetime", format: "YYYY-MM-DDTHH:mm:ssZ" }
+ - {
+ label: "Date",
+ name: "date",
+ widget: "datetime",
+ format: "YYYY-MM-DDTHH:mm:ssZ",
+ }
- label: "Amount"
name: "amount"
hint: "include currency symbol"
@@ -1057,12 +1084,7 @@ collections:
create: false
i18n: true
fields:
- - {
- label: "type",
- name: "type",
- widget: "hidden",
- value: "codeofethics",
- }
+ - { label: "type", name: "type", widget: "hidden", value: "codeofethics" }
- { label: "Title", name: "title", widget: "string", i18n: true }
- { label: "Body", name: "body", widget: "markdown", i18n: true }
@@ -1415,7 +1437,6 @@ collections:
required: false
i18n: true
-
######################################
# SECTION: Dictionary
####
diff --git a/admin/staging/index.html b/admin/staging/index.html
index f672d9b5..a607d9dc 100644
--- a/admin/staging/index.html
+++ b/admin/staging/index.html
@@ -1,12 +1,16 @@
-
+
DIVD Staging CMS
-
-
+
+
diff --git a/assets/scss/fonts.scss b/assets/scss/fonts.scss
index 36956fbd..da1d3fe1 100644
--- a/assets/scss/fonts.scss
+++ b/assets/scss/fonts.scss
@@ -1,66 +1,69 @@
/* source-sans-3-regular - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Source Sans 3';
+ font-family: "Source Sans 3";
font-style: normal;
font-weight: 400;
- src: url('/font/sourcesans3/source-sans-3-v10-latin-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/sourcesans3/source-sans-3-v10-latin-regular.woff2")
+ format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
/* source-sans-3-italic - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Source Sans 3';
+ font-family: "Source Sans 3";
font-style: italic;
font-weight: 400;
- src: url('/font/sourcesans3/source-sans-3-v10-latin-italic.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/sourcesans3/source-sans-3-v10-latin-italic.woff2")
+ format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
/* source-sans-3-900 - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Source Sans 3';
+ font-family: "Source Sans 3";
font-style: normal;
font-weight: 900;
- src: url('/font/sourcesans3/source-sans-3-v10-latin-900.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/sourcesans3/source-sans-3-v10-latin-900.woff2")
+ format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
/* source-sans-3-900italic - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Source Sans 3';
+ font-family: "Source Sans 3";
font-style: italic;
font-weight: 900;
- src: url('/font/sourcesans3/source-sans-3-v10-latin-900italic.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/sourcesans3/source-sans-3-v10-latin-900italic.woff2")
+ format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
-
/* open-sans-regular - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Open Sans';
+ font-family: "Open Sans";
font-style: normal;
font-weight: 400;
- src: url('/font/opensans/open-sans-v36-latin-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/opensans/open-sans-v36-latin-regular.woff2") format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
/* open-sans-italic - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Open Sans';
+ font-family: "Open Sans";
font-style: italic;
font-weight: 400;
- src: url('/font/opensans/open-sans-v36-latin-italic.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/opensans/open-sans-v36-latin-italic.woff2") format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
/* open-sans-700 - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Open Sans';
+ font-family: "Open Sans";
font-style: normal;
font-weight: 700;
- src: url('/font/opensans/open-sans-v36-latin-700.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+ src: url("/font/opensans/open-sans-v36-latin-700.woff2") format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}
/* open-sans-700italic - latin */
@font-face {
font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */
- font-family: 'Open Sans';
+ font-family: "Open Sans";
font-style: italic;
font-weight: 700;
- src: url('/font/opensans/open-sans-v36-latin-700italic.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
-}
\ No newline at end of file
+ src: url("/font/opensans/open-sans-v36-latin-700italic.woff2") format("woff2"); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+}
diff --git a/assets/scss/pages/newsroom.scss b/assets/scss/pages/newsroom.scss
index fb149e5f..a452a4fb 100644
--- a/assets/scss/pages/newsroom.scss
+++ b/assets/scss/pages/newsroom.scss
@@ -1,6 +1,4 @@
-
.newsroom {
-
&.articles {
padding-top: 64px;
}
@@ -9,21 +7,19 @@
display: grid;
grid-gap: 32px;
grid-template-columns: 1fr 1fr;
- grid-template-rows: repeat(4, 320px);
+ grid-template-rows: repeat(4, 320px);
//grid-auto-rows: minmax(min-content, max-content);
}
-
.highlight {
grid-row: 1 / 3;
- background-color: #1D1D1D;
+ background-color: #1d1d1d;
border-radius: 20px;
color: #fff;
figure {
-
border-radius: 20px 20px 0 0;
margin-bottom: 16px;
position: relative;
@@ -46,10 +42,9 @@
}
.article {
-
border-radius: 20px;
background-color: #f2f2f2;
- box-shadow: 0 0 16px rgba(0,0,0,0.1);
+ box-shadow: 0 0 16px rgba(0, 0, 0, 0.1);
overflow: hidden;
display: flex;
@@ -71,7 +66,9 @@
line-clamp: 3; /* Limits the text to 3 lines */
overflow: hidden;
text-overflow: ellipsis;
- max-height: calc(1.5em * 3); /* Adjusts based on line height and number of lines */
+ max-height: calc(
+ 1.5em * 3
+ ); /* Adjusts based on line height and number of lines */
line-height: 1.5em; /* Ensure this matches the line-height used */
}
}
@@ -102,12 +99,9 @@
object-fit: cover;
}
}
-
}
-
}
-
.article-body {
display: flex;
padding: 16px 42px 50px 50px;
@@ -142,9 +136,8 @@
aside {
flex: 0 0 330px;
-
section {
- background-color: #F2F2F2;
+ background-color: #f2f2f2;
border-radius: 20px;
padding: 20px;
@@ -168,7 +161,7 @@
}
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
display: block;
padding: 16px;
}
@@ -191,9 +184,6 @@ ul.pagination {
li {
margin: 0 8px;
-
-
-
a {
display: block;
border: 1px solid transparent;
@@ -215,6 +205,5 @@ ul.pagination {
&.disabled a {
opacity: 0.2;
}
-
}
-}
\ No newline at end of file
+}
diff --git a/assets/scss/reset.scss b/assets/scss/reset.scss
index af944401..45a05ecf 100644
--- a/assets/scss/reset.scss
+++ b/assets/scss/reset.scss
@@ -3,46 +3,127 @@
License: none (public domain)
*/
-html, body, div, span, applet, object, iframe,
-h1, h2, h3, h4, h5, h6, p, blockquote, pre,
-a, abbr, acronym, address, big, cite, code,
-del, dfn, em, img, ins, kbd, q, s, samp,
-small, strike, strong, sub, sup, tt, var,
-b, u, i, center,
-dl, dt, dd, ol, ul, li,
-fieldset, form, label, legend,
-table, caption, tbody, tfoot, thead, tr, th, td,
-article, aside, canvas, details, embed,
-figure, figcaption, footer, header, hgroup,
-menu, nav, output, ruby, section, summary,
-time, mark, audio, video {
- margin: 0;
- padding: 0;
- border: 0;
- font-size: 100%;
- font: inherit;
- vertical-align: baseline;
+html,
+body,
+div,
+span,
+applet,
+object,
+iframe,
+h1,
+h2,
+h3,
+h4,
+h5,
+h6,
+p,
+blockquote,
+pre,
+a,
+abbr,
+acronym,
+address,
+big,
+cite,
+code,
+del,
+dfn,
+em,
+img,
+ins,
+kbd,
+q,
+s,
+samp,
+small,
+strike,
+strong,
+sub,
+sup,
+tt,
+var,
+b,
+u,
+i,
+center,
+dl,
+dt,
+dd,
+ol,
+ul,
+li,
+fieldset,
+form,
+label,
+legend,
+table,
+caption,
+tbody,
+tfoot,
+thead,
+tr,
+th,
+td,
+article,
+aside,
+canvas,
+details,
+embed,
+figure,
+figcaption,
+footer,
+header,
+hgroup,
+menu,
+nav,
+output,
+ruby,
+section,
+summary,
+time,
+mark,
+audio,
+video {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-size: 100%;
+ font: inherit;
+ vertical-align: baseline;
}
/* HTML5 display-role reset for older browsers */
-article, aside, details, figcaption, figure,
-footer, header, hgroup, menu, nav, section {
- display: block;
+article,
+aside,
+details,
+figcaption,
+figure,
+footer,
+header,
+hgroup,
+menu,
+nav,
+section {
+ display: block;
}
body {
- line-height: 1;
+ line-height: 1;
}
-ol, ul {
- list-style: none;
+ol,
+ul {
+ list-style: none;
}
-blockquote, q {
- quotes: none;
+blockquote,
+q {
+ quotes: none;
}
-blockquote:before, blockquote:after,
-q:before, q:after {
- content: '';
- content: none;
+blockquote:before,
+blockquote:after,
+q:before,
+q:after {
+ content: "";
+ content: none;
}
table {
- border-collapse: collapse;
- border-spacing: 0;
-}
\ No newline at end of file
+ border-collapse: collapse;
+ border-spacing: 0;
+}
diff --git a/assets/scss/typography.scss b/assets/scss/typography.scss
index 96f25b3e..60824550 100644
--- a/assets/scss/typography.scss
+++ b/assets/scss/typography.scss
@@ -1,6 +1,17 @@
body {
- font-family: 'Open Sans', -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Oxygen,
- Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;
+ font-family:
+ "Open Sans",
+ -apple-system,
+ BlinkMacSystemFont,
+ Segoe UI,
+ Roboto,
+ Oxygen,
+ Ubuntu,
+ Cantarell,
+ Fira Sans,
+ Droid Sans,
+ Helvetica Neue,
+ sans-serif;
font-size: 18px;
}
@@ -25,7 +36,7 @@ h3 {
font-family: var(--font-text);
font-weight: 700;
margin-bottom: 0.4em;
- line-height: 1.2em;
+ line-height: 1.2em;
}
h6 {
@@ -76,11 +87,10 @@ li {
}
p.primary {
- color: var(--brand)!important;
+ color: var(--brand) !important;
font-size: 1em;
}
-
.brand {
color: var(--brand);
}
@@ -116,25 +126,24 @@ strong {
p {
font-size: 1em;
}
-
}
-
-
.reverse {
-
- h1, h2, p, div, a {
+ h1,
+ h2,
+ p,
+ div,
+ a {
color: #fff; /* TODO VAR */
}
-
a {
border-bottom: 1px solid white;
}
-
}
-.p, .markdown {
+.p,
+.markdown {
font-family: var(--font-text);
font-size: 1em;
line-height: 1.6em;
@@ -153,10 +162,10 @@ strong {
ul {
list-style-position: inside;
}
-
-
}
-li, li li, li li li {
+li,
+li li,
+li li li {
font-size: 1em;
-}
\ No newline at end of file
+}
diff --git a/assets/scss/ui/accordion.scss b/assets/scss/ui/accordion.scss
index c0116045..73ab7859 100644
--- a/assets/scss/ui/accordion.scss
+++ b/assets/scss/ui/accordion.scss
@@ -10,7 +10,6 @@
border-bottom: 1px solid black;
-
> h3 {
display: flex;
align-items: center;
@@ -19,7 +18,7 @@
display: pointer;
span {
- margin-left: 16px;
+ margin-left: 16px;
transform-origin: center;
}
}
@@ -27,16 +26,14 @@
> h3 span::after {
content: url("data:image/svg+xml,%3Csvg viewBox='0 0 14 8' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M13.3793 1.3614L12.0906 0.0727085L6.80938 5.35396L1.52792 0.0725092L0.239236 1.3612L6.80541 7.92737L6.80918 7.9236L6.81315 7.92757L13.3793 1.3614Z' /%3E%3C/svg%3E");
display: inline-block;
- width: 16px;
- height: 16px;
+ width: 16px;
+ height: 16px;
}
-
&:first-of-type {
padding-top: 0;
}
-
&.active {
h3 {
span {
@@ -50,12 +47,11 @@
}
}
-
details {
margin-top: 16px;
summary {
border-radius: 22px;
- background-color: #F2F2F2;
+ background-color: #f2f2f2;
color: black;
text-transform: uppercase;
display: inline-flex;
@@ -68,24 +64,21 @@
display: none;
}
}
-
}
details[open] {
padding-bottom: 16px;
- summary {
+ summary {
position: absolute;
bottom: 0px;
left: 0;
span {
- display:none;
+ display: none;
}
em {
display: block;
}
-
}
}
-
-}
\ No newline at end of file
+}
diff --git a/assets/scss/ui/carousel.scss b/assets/scss/ui/carousel.scss
index e772897b..33904ddf 100644
--- a/assets/scss/ui/carousel.scss
+++ b/assets/scss/ui/carousel.scss
@@ -6,7 +6,7 @@
.slides {
padding-top: 16px;
padding-bottom: 16px;
-
+
padding-left: 8px;
display: flex;
@@ -27,7 +27,6 @@
background: transparent;
}
-
> * {
margin-right: 32px;
width: calc(var(--item-width) - 32px);
@@ -37,14 +36,11 @@
}
}
-
-
.pages {
display: flex;
align-items: center;
color: white;
-
div {
margin-left: 16px;
}
@@ -56,8 +52,7 @@
}
}
- @media(max-width: 700px) {
-
+ @media (max-width: 700px) {
.slides {
> * {
width: calc(100vw - 32px);
@@ -72,7 +67,6 @@
}
}
-
.smallousel {
background-color: #fff;
border-radius: 64px;
@@ -97,19 +91,19 @@
overflow: hidden;
position: relative;
height: 64px;
-
+
.slides {
position: absolute;
width: 100%;
overflow-x: auto;
scroll-snap-type: x mandatory;
scroll-behavior: smooth;
- display: flex;
+ display: flex;
flex-wrap: nowrap;
-
- -ms-overflow-style: none; /* IE and Edge */
- scrollbar-width: none; /* Firefox */
-
+
+ -ms-overflow-style: none; /* IE and Edge */
+ scrollbar-width: none; /* Firefox */
+
&::-webkit-scrollbar {
display: none;
}
@@ -120,7 +114,7 @@
&::-webkit-scrollbar-track {
background: transparent;
}
-
+
section {
filter: grayscale(100%);
transition: filter 0.3s ease;
@@ -129,18 +123,18 @@
align-items: center; /* Center image vertically */
width: 115.2px; /* Ensure fixed width for each section */
height: 64px; /* Ensure fixed height for each section */
-
+
&:hover {
filter: grayscale(0%);
}
}
}
-
+
img {
max-height: 64px;
max-width: 115.2px;
width: auto; /* Maintain aspect ratio */
height: auto; /* Maintain aspect ratio */
}
- }
+ }
}
diff --git a/assets/scss/ui/footer.scss b/assets/scss/ui/footer.scss
index cafdbc53..1bf6aecf 100644
--- a/assets/scss/ui/footer.scss
+++ b/assets/scss/ui/footer.scss
@@ -1,5 +1,5 @@
footer.main {
- background-color: #1D1D1D;
+ background-color: #1d1d1d;
display: flex;
flex-direction: column;
@@ -40,7 +40,7 @@ footer.main {
}
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
article {
padding: 16px;
.container {
@@ -73,7 +73,6 @@ footer.main {
li {
padding-right: 16px;
ul {
-
li {
padding-bottom: 8px;
a {
@@ -88,7 +87,7 @@ footer.main {
}
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
li {
ul {
li {
@@ -102,7 +101,7 @@ footer.main {
}
.ethics-footer {
- margin-top: 40px !important;
+ margin-top: 40px !important;
background-color: #fff;
border-radius: 42px;
max-width: var(--cw);
@@ -110,24 +109,23 @@ footer.main {
overflow: hidden;
display: flex;
- h3, p {
+ h3,
+ p {
color: #000;
}
-
img {
flex: 0 0 30%;
- object-fit: cover;
+ object-fit: cover;
height: 220px;
}
-
.content {
flex: 1 1 auto;
padding: 20px 16px;
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
flex-direction: column;
img {
@@ -139,4 +137,4 @@ footer.main {
.subtle {
opacity: 0.6;
line-height: 22px;
-}
\ No newline at end of file
+}
diff --git a/assets/scss/ui/layout.scss b/assets/scss/ui/layout.scss
index b6477071..e7a3a458 100644
--- a/assets/scss/ui/layout.scss
+++ b/assets/scss/ui/layout.scss
@@ -1,16 +1,14 @@
.ps {
-
&.ps-hide {
overflow-x: hidden;
}
-
&.ps-default {
background-color: #fff;
}
&.ps-inverse {
- background-color:#1D1D1D;
+ background-color: #1d1d1d;
}
&.ps-primary {
@@ -18,31 +16,37 @@
}
&.ps-gradient {
- background: linear-gradient(3.3deg, #FFFFFF 59.39%, rgba(61, 220, 235, 0.2) 97.41%);
+ background: linear-gradient(
+ 3.3deg,
+ #ffffff 59.39%,
+ rgba(61, 220, 235, 0.2) 97.41%
+ );
}
&.ps-gradient-reverse {
background: linear-gradient(to top, rgba(61, 220, 235, 0.2) 50%, #fff 100%);
}
-
- &.ps-overlap {
- background: linear-gradient(to bottom, #fff 0%, #fff 64px, #1D1D1D 64px, #1D1D1D 100%);
+ &.ps-overlap {
+ background: linear-gradient(
+ to bottom,
+ #fff 0%,
+ #fff 64px,
+ #1d1d1d 64px,
+ #1d1d1d 100%
+ );
.ps-container {
-
background: transparent url("/assets/bubble.png") no-repeat 60% 120px;
}
}
-
&.ps-overlap-top {
.ps-container {
position: relative;
top: -128px;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
top: -64px;
-
}
}
}
@@ -79,51 +83,46 @@
&.ps-round-topright {
border-top-right-radius: 300px; /* TODO: var */
}
-
+
&.ps-round-topleft {
border-top-left-radius: 300px;
}
-
+
&.ps-round-bottomright {
border-bottom-right-radius: 300px;
}
-
+
&.ps-round-bottomleft {
border-bottom-left-radius: 300px;
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
padding-top: 32px;
&.ps-round-topright {
border-top-right-radius: 56px; /* TODO: var */
}
-
+
&.ps-round-topleft {
border-top-left-radius: 56px;
}
-
+
&.ps-round-bottomright {
border-bottom-right-radius: 56px;
}
-
+
&.ps-round-bottomleft {
border-bottom-left-radius: 56px;
}
}
}
-
-
-
}
-
-
.pl {
display: flex;
padding: 64px 0;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
padding: 16px 0;
}
@@ -131,12 +130,10 @@
flex: 0 0 var(--rest);
}
-
-
.pl-content {
flex: 0 0 var(--cw);
padding: 0;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
padding: 0 16px;
}
&.pl-extend {
@@ -145,19 +142,19 @@
padding-right: 0;
}
-
&.pl-columns {
display: grid;
grid-gap: 32px;
-
- h1, h2, h3 {
+ h1,
+ h2,
+ h3 {
grid-column: 1 / -1;
}
&.pl-columns-2 {
grid-template-columns: 1fr 1fr;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
grid-template-columns: 1fr;
}
}
@@ -183,17 +180,16 @@
display: grid;
grid-template-columns: 1fr 2fr;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
grid-template-columns: 1fr;
}
-
}
&.pl-right {
display: grid;
grid-gap: 32px;
grid-template-columns: 2fr 1fr;
-
- @media(max-width: 700px) {
+
+ @media (max-width: 700px) {
grid-template-columns: 1fr;
grid-gap: 16px;
}
@@ -204,12 +200,11 @@
grid-gap: 32px;
grid-template-columns: 1fr 1fr;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
grid-template-columns: 1fr;
}
}
-
&.pl-article {
background-color: white;
padding-top: 32px;
@@ -218,13 +213,19 @@
border-top-right-radius: 300px;
overflow: hidden;
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
border-top-right-radius: 80px;
}
}
&.pl-has-image {
- background: linear-gradient(to bottom, #333 0%, #333 300px, #fff 300px, #fff 100%);
+ background: linear-gradient(
+ to bottom,
+ #333 0%,
+ #333 300px,
+ #fff 300px,
+ #fff 100%
+ );
}
&.pl-no-top-padding {
@@ -233,16 +234,11 @@
}
}
-
-
-
.breadcrumbs {
-
position: sticky;
z-index: 1;
top: 108px;
margin-left: var(--rest);
-
ul {
padding: 8px 12px;
@@ -256,7 +252,6 @@
li {
font-size: 0.8em;
padding-right: 8px;
-
a {
text-decoration: none;
@@ -272,16 +267,15 @@
}
}
-
.home-layout {
padding-top: 128px;
background-color: #fff;
}
-
-.article-layout, .topic-layout {
+.article-layout,
+.topic-layout {
padding-top: 128px;
- background-color: #1D1D1D;
+ background-color: #1d1d1d;
.breadcrumbs {
ul {
@@ -306,7 +300,6 @@
background-color: white;
}
-
.intro-image {
height: 720px;
position: relative;
@@ -341,7 +334,6 @@
}
}
-
.person-highlight {
background-color: var(--brand);
@@ -370,7 +362,7 @@
color: black;
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
flex-direction: column;
align-items: center;
justify-content: space-around;
@@ -389,7 +381,6 @@
text-align: center;
}
}
-
}
.overlap-bottom {
@@ -456,12 +447,11 @@
object-fit: cover;
}
- @media(max-width: 700px) {
-
+ @media (max-width: 700px) {
height: 300px;
img {
height: 300px;
}
}
-}
\ No newline at end of file
+}
diff --git a/assets/scss/ui/opener.scss b/assets/scss/ui/opener.scss
index b5f12b84..ffe35ef5 100644
--- a/assets/scss/ui/opener.scss
+++ b/assets/scss/ui/opener.scss
@@ -2,7 +2,7 @@
display: flex;
justify-content: center;
position: relative;
-
+
article {
flex: 1;
max-width: 1200px;
@@ -41,11 +41,10 @@
}
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
position: static;
flex-direction: column-reverse;
article {
-
padding: 0 32px;
section {
@@ -64,7 +63,6 @@
position: static;
}
}
-
}
}
@@ -72,11 +70,9 @@
display: flex;
justify-content: space-around;
-
article {
max-width: 800px;
-
h2 {
color: var(--brand);
text-align: center;
@@ -90,7 +86,6 @@
}
.image-container {
-
img {
max-width: 100%;
}
@@ -104,18 +99,15 @@
img {
object-fit: cover;
}
-
}
}
-
.bubble {
position: absolute;
- background: linear-gradient(to right, #3DDCEB 0%, rgba(61, 220, 235, 0) 100%);
+ background: linear-gradient(to right, #3ddceb 0%, rgba(61, 220, 235, 0) 100%);
height: 126px;
width: 200px;
-
&.bubble-small {
top: 0;
border-radius: 64px;
@@ -135,7 +127,7 @@
&.bubble-large {
border-top-left-radius: 128px;
bottom: 0px;
- height: 128px;
+ height: 128px;
width: 100%;
}
@@ -143,7 +135,7 @@
border-top-left-radius: 128px;
right: 0;
bottom: 0px;
- height: 128px;
+ height: 128px;
width: 40%;
}
@@ -179,10 +171,10 @@
right: 0px;
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
&.bubble-large {
border-top-left-radius: 42px;
- height: 42px;
+ height: 42px;
}
&.bubble-small-half {
@@ -193,4 +185,4 @@
height: 64px;
}
}
-}
\ No newline at end of file
+}
diff --git a/assets/scss/ui/stats.scss b/assets/scss/ui/stats.scss
index 55518cf9..3e40dd2e 100644
--- a/assets/scss/ui/stats.scss
+++ b/assets/scss/ui/stats.scss
@@ -1,5 +1,3 @@
-
-
.stats {
background-color: white;
list-style: none;
@@ -18,23 +16,23 @@
&:last-of-type {
border-right: 0;
}
-
+
h2 {
margin: 0;
font-size: 64px;
padding: 0 0 8px 0;
}
-
+
h6 {
margin: 0;
padding: 0;
}
}
- @media(max-width: 700px) {
+ @media (max-width: 700px) {
border-radius: 0;
flex-wrap: wrap;
-
+
margin-left: -16px;
width: calc(100% + 32px);
@@ -43,4 +41,3 @@
}
}
}
-
diff --git a/assets/scss/variables.scss b/assets/scss/variables.scss
index 7b7567b7..3ba8f39b 100644
--- a/assets/scss/variables.scss
+++ b/assets/scss/variables.scss
@@ -5,21 +5,20 @@
:root {
--fg: #000;
--bg: #fff;
- --brand: #FFD736;
+ --brand: #ffd736;
- --font-header: 'Source Sans 3';
- --font-text: 'Open Sans';
+ --font-header: "Source Sans 3";
+ --font-text: "Open Sans";
--cw: calc(min(100vw, 1200px));
--rest: calc((100vw - var(--cw)) / 2);
}
-[data-theme='dark'] {
+[data-theme="dark"] {
--fg: #fff;
--bg: #000;
}
-
select {
font-size: 24px;
}
@@ -28,4 +27,4 @@ a {
color: var(--fg);
text-decoration: none;
border-bottom: 1px solid var(--fg);
-}
\ No newline at end of file
+}
diff --git a/assets/ts/ui.ts b/assets/ts/ui.ts
index c8f958a2..4382aaf3 100644
--- a/assets/ts/ui.ts
+++ b/assets/ts/ui.ts
@@ -1,136 +1,136 @@
function initMainMenu() {
- let menuButtonEl = document.getElementById('main-menu-button');
- let subNavEl = document.getElementById('sub-nav');
-
- function onClick() {
- if (subNavEl) {
- subNavEl.classList.toggle('active');
- }
- }
-
- if (menuButtonEl && subNavEl) {
- menuButtonEl.addEventListener('click', onClick);
- }
+ let menuButtonEl = document.getElementById('main-menu-button');
+ let subNavEl = document.getElementById('sub-nav');
+
+ function onClick() {
+ if (subNavEl) {
+ subNavEl.classList.toggle('active');
+ }
+ }
+
+ if (menuButtonEl && subNavEl) {
+ menuButtonEl.addEventListener('click', onClick);
+ }
}
function initCarousel(el: HTMLDivElement) {
- let index = 0;
- let pageCount = 0;
-
- let slides = el.querySelectorAll('.slides');
- let pageCountContainer = el.querySelector('.page-count');
- let slidesContainer = slides.length ? slides[0] : null;
- if (slidesContainer) {
- pageCount = slidesContainer.children.length;
- }
-
- function setPageCounter(n) {
- if (pageCountContainer) {
- pageCountContainer.innerHTML = `${n} / ${pageCount}`;
- }
- }
-
- function nextPage() {
- if (!slidesContainer) return;
- if (index < pageCount - 1) {
- index++;
- } else {
- index = 0;
- }
-
- let child = slidesContainer.children[index] as HTMLElement;
- let left = child.offsetLeft;
- smoothScroll(left, slidesContainer);
- setPageCounter(index + 1);
- }
-
- function prevPage() {
- if (!slidesContainer) return;
- if (index > 0) {
- index--;
- } else {
- index = pageCount - 1;
- }
- let child = slidesContainer.children[index] as HTMLElement;
- let left = child.offsetLeft;
- smoothScroll(left, slidesContainer);
- setPageCounter(index + 1);
- }
-
- let buttons = el.querySelectorAll('.pages button');
- if (!buttons.length) {
- buttons = el.querySelectorAll('button');
- }
- if (buttons.length === 2) {
- buttons[0].addEventListener('click', prevPage);
- buttons[1].addEventListener('click', nextPage);
- }
+ let index = 0;
+ let pageCount = 0;
+
+ let slides = el.querySelectorAll('.slides');
+ let pageCountContainer = el.querySelector('.page-count');
+ let slidesContainer = slides.length ? slides[0] : null;
+ if (slidesContainer) {
+ pageCount = slidesContainer.children.length;
+ }
+
+ function setPageCounter(n) {
+ if (pageCountContainer) {
+ pageCountContainer.innerHTML = `${n} / ${pageCount}`;
+ }
+ }
+
+ function nextPage() {
+ if (!slidesContainer) return;
+ if (index < pageCount - 1) {
+ index++;
+ } else {
+ index = 0;
+ }
+
+ let child = slidesContainer.children[index] as HTMLElement;
+ let left = child.offsetLeft;
+ smoothScroll(left, slidesContainer);
+ setPageCounter(index + 1);
+ }
+
+ function prevPage() {
+ if (!slidesContainer) return;
+ if (index > 0) {
+ index--;
+ } else {
+ index = pageCount - 1;
+ }
+ let child = slidesContainer.children[index] as HTMLElement;
+ let left = child.offsetLeft;
+ smoothScroll(left, slidesContainer);
+ setPageCounter(index + 1);
+ }
+
+ let buttons = el.querySelectorAll('.pages button');
+ if (!buttons.length) {
+ buttons = el.querySelectorAll('button');
+ }
+ if (buttons.length === 2) {
+ buttons[0].addEventListener('click', prevPage);
+ buttons[1].addEventListener('click', nextPage);
+ }
}
function initAccordion(el: HTMLDivElement) {
- let items = el.querySelectorAll('.accordion-item');
-
- function toggleItem(itemEl) {
- items.forEach((item) => {
- if (item !== itemEl) item.classList.remove('active');
- });
- itemEl.classList.toggle('active');
- }
-
- items.forEach((item) => {
- let h3 = item.querySelector('h3');
- if (h3) {
- h3.addEventListener('click', () => {
- toggleItem(item);
- });
- }
- });
+ let items = el.querySelectorAll('.accordion-item');
+
+ function toggleItem(itemEl) {
+ items.forEach((item) => {
+ if (item !== itemEl) item.classList.remove('active');
+ });
+ itemEl.classList.toggle('active');
+ }
+
+ items.forEach((item) => {
+ let h3 = item.querySelector('h3');
+ if (h3) {
+ h3.addEventListener('click', () => {
+ toggleItem(item);
+ });
+ }
+ });
}
function initAllCarousels() {
- let els = document.querySelectorAll('.carousel');
- els.forEach(initCarousel);
+ let els = document.querySelectorAll('.carousel');
+ els.forEach(initCarousel);
- let smallEls = document.querySelectorAll('.smallousel');
- smallEls.forEach(initCarousel);
+ let smallEls = document.querySelectorAll('.smallousel');
+ smallEls.forEach(initCarousel);
}
function initAllAccordions() {
- let els = document.querySelectorAll('.accordion');
- els.forEach(initAccordion);
+ let els = document.querySelectorAll('.accordion');
+ els.forEach(initAccordion);
}
function initUI() {
- initMainMenu();
- initAllCarousels();
- initAllAccordions();
+ initMainMenu();
+ initAllCarousels();
+ initAllAccordions();
}
document.addEventListener('DOMContentLoaded', function () {
- initUI();
+ initUI();
});
/* utils */
function smoothScroll(targetScroll, el) {
- const startScroll = el.scrollLeft;
- const distance = targetScroll - startScroll;
- const startTime = new Date().getTime();
+ const startScroll = el.scrollLeft;
+ const distance = targetScroll - startScroll;
+ const startTime = new Date().getTime();
- function animate() {
- const currentTime = new Date().getTime();
- const timePassed = currentTime - startTime;
- const duration = 300; // Animation duration in ms
+ function animate() {
+ const currentTime = new Date().getTime();
+ const timePassed = currentTime - startTime;
+ const duration = 300; // Animation duration in ms
- // Calculate the easing (you can replace this with other easing functions)
- const easing = (t) => t * t; // simple quadratic easing
- const progress = Math.min(timePassed / duration, 1);
+ // Calculate the easing (you can replace this with other easing functions)
+ const easing = (t) => t * t; // simple quadratic easing
+ const progress = Math.min(timePassed / duration, 1);
- el.scrollLeft = startScroll + distance * easing(progress);
+ el.scrollLeft = startScroll + distance * easing(progress);
- if (progress < 1) {
- window.requestAnimationFrame(animate);
- }
- }
+ if (progress < 1) {
+ window.requestAnimationFrame(animate);
+ }
+ }
- window.requestAnimationFrame(animate);
+ window.requestAnimationFrame(animate);
}
diff --git a/cms/app.ts b/cms/app.ts
new file mode 100644
index 00000000..49387a6a
--- /dev/null
+++ b/cms/app.ts
@@ -0,0 +1,6 @@
+import { init } from '@sveltia/cms';
+import config from './config';
+
+init({
+ config,
+});
diff --git a/cms/collections.ts b/cms/collections.ts
new file mode 100644
index 00000000..0d8efbb1
--- /dev/null
+++ b/cms/collections.ts
@@ -0,0 +1,3 @@
+import { Collection as ArticlesCollection } from '../layouts/newsroom/collection';
+
+export default [ArticlesCollection];
diff --git a/cms/config.ts b/cms/config.ts
new file mode 100644
index 00000000..31e6de5b
--- /dev/null
+++ b/cms/config.ts
@@ -0,0 +1,18 @@
+import collections from './collections';
+
+export default {
+ backend: {
+ name: 'github',
+ repo: 'DIVD-NL/web-www-v2',
+ },
+ i18n: {
+ structure: 'multiple_files',
+ locales: ['en', 'nl'],
+ default_locale: 'en',
+ },
+ load_config_file: false,
+ local_backend: true,
+ media_folder: '/assets/images',
+ public_folder: '/images',
+ collections,
+};
diff --git a/cms/index.html b/cms/index.html
new file mode 100644
index 00000000..003ecbe6
--- /dev/null
+++ b/cms/index.html
@@ -0,0 +1,11 @@
+
+
+
+
+ DIVD Static CMS
+
+
+
+
diff --git a/content/anbi/_index.en.md b/content/anbi/_index.en.md
index f4f4378e..63fa54b1 100644
--- a/content/anbi/_index.en.md
+++ b/content/anbi/_index.en.md
@@ -1,6 +1,7 @@
---
title: ANBI
---
+
## ANBI
STICHTING DUTCH INSTITUTE FOR VULNERABILITY DISCLOSURE (DIVD)
@@ -15,14 +16,14 @@ RSIN: 860456961
KvK: 75957345
-Website: [https://www.divd.nl](https://www.divd.nl/ "https\://www.divd.nl")
+Website: [https://www.divd.nl](https://www.divd.nl/ "https://www.divd.nl")
**Doel van stichting** \
We streven ernaar de digitale wereld veiliger te maken door kwetsbaarheden die we vinden in digitale systemen te melden aan de mensen die ze kunnen repareren. We hebben een wereldwijd bereik, maar doen het op zijn Hollands: open, eerlijk, samen en gratis.
#### **Bestuur**
-* [Overzicht bestuursleden](https://www.divd.nl/who-we-are/team/)
+- [Overzicht bestuursleden](https://www.divd.nl/who-we-are/team/)
**Beloningsbeleid**
@@ -30,8 +31,8 @@ Bestuursleden zijn vrijwilligers en krijgen voor hun werkzaamheden geen vergoedi
**Documenten**
-* [Financieel verslag 2023](/documents/DIVD.financieel.verslag.2023.pdf)
-* [Jaarverslag 2023](/documents/DIVD.Annual.Report.2023.pdf)
-* [Jaarverslag 2022](/documents/DIVD%20jaarverslag%202022.pdf)
-* [Jaarverslag 2021](/documents/DIVD%20jaarverslag%202021.pdf)
-* [Standaardformulier ANBI](/documents/Standaardformulier%20ANBI.pdf)
\ No newline at end of file
+- [Financieel verslag 2023](/documents/DIVD.financieel.verslag.2023.pdf)
+- [Jaarverslag 2023](/documents/DIVD.Annual.Report.2023.pdf)
+- [Jaarverslag 2022](/documents/DIVD%20jaarverslag%202022.pdf)
+- [Jaarverslag 2021](/documents/DIVD%20jaarverslag%202021.pdf)
+- [Standaardformulier ANBI](/documents/Standaardformulier%20ANBI.pdf)
diff --git a/content/anbi/_index.nl.md b/content/anbi/_index.nl.md
index 6b2704aa..1c8cd6ae 100644
--- a/content/anbi/_index.nl.md
+++ b/content/anbi/_index.nl.md
@@ -1,6 +1,7 @@
---
title: ANBI
---
+
## ANBI
1. DIVD is a Dutch research institute that works with volunteers who aim to make the digital world safer by searching the internet for vulnerabilities and reporting the findings to those who can fix these vulnerabilities.
diff --git a/content/block/index.md b/content/block/index.md
index 3d65eaa0..ca03031f 100644
--- a/content/block/index.md
+++ b/content/block/index.md
@@ -1,3 +1,3 @@
---
headless: true
----
\ No newline at end of file
+---
diff --git a/content/contribute/_index.en.md b/content/contribute/_index.en.md
index c4b8b8a9..b5203371 100644
--- a/content/contribute/_index.en.md
+++ b/content/contribute/_index.en.md
@@ -7,13 +7,13 @@ intro: We are a group of volunteers that scout the web for potential cyber secur
becomevolunteer:
title: Become a volunteer
image: /images/1724437526298-1.jpg
- Alt tag for image: An illustration of 2 people talking about code, shown by a speakingballoon filled with 010101.
+ alt: An illustration of 2 people talking about code, shown by a speakingballoon filled with 010101.
description: Are you interested in joining our diverse team of ethical hackers, researchers, IT professionals, or legal experts, and learning from the best? Please sign up.
alt: Drawing of a group of voluteer hackers
becomepartner:
title: Become a partner
image: /images/DIVD Partnerevent 2024 - 2 (1).png
- Alt tag for image: An illustration of 2 people talking and exchanging information
+ alt: An illustration of 2 people talking and exchanging information
description: "As an organization dedicated to serving the entire internet community, we extend our assistance not only to your customers but also to their suppliers. You may perceive us as the volunteer fire brigade: while you protect your own infrastructure, we stand ready to aid your neighbors, thereby indirectly safeguarding your establishment as well."
alt: Drawing of a DIVD voluteer shaking the hand of a DIVD partner
appreciate:
diff --git a/content/contribute/_index.nl.md b/content/contribute/_index.nl.md
index bd17eaa8..9bee30dd 100644
--- a/content/contribute/_index.nl.md
+++ b/content/contribute/_index.nl.md
@@ -5,13 +5,13 @@ intro: Wij zijn een groep vrijwilligers die het web verkennen op potentiële cyb
becomevolunteer:
title: Vrijwilliger worden
image: images/global/becomevolunteer.png
- Alt tag for image: Een illustratie van 2 mensen die over code praten, weergegeven door een spreekballon gevuld met 010101.
+ alt: Een illustratie van 2 mensen die over code praten, weergegeven door een spreekballon gevuld met 010101.
description: Heb je interesse om je aan te sluiten bij ons diverse team van ethische hackers, onderzoekers, IT-professionals of juridische experts en te leren van de besten? Meld je nu aan.
alt: Tekening van vrijwillige hackers
becomepartner:
title: Partner worden
image: images/global/becomepartner.png
- Alt tag for image: Een illustratie van 2 mensen die praten en informatie uitwisselen
+ alt: Een illustratie van 2 mensen die praten en informatie uitwisselen
description: "Als organisatie die zich inzet voor de hele internetcommunity, bieden we niet alleen hulp aan uw klanten, maar ook aan diens leveranciers. U kunt ons beschouwen als de vrijwillige brandweer: terwijl u uw eigen infrastructuur beschermt, staan wij klaar om uw buren te helpen en zo indirect ook uw bedrijf te beschermen."
alt: Drawing can een DIVD vrijwilliger die de hand schud van een partner
appreciate:
diff --git a/content/dictionary/_index.en.md b/content/dictionary/_index.en.md
index 5d5769ae..b61d01a1 100644
--- a/content/dictionary/_index.en.md
+++ b/content/dictionary/_index.en.md
@@ -2,6 +2,7 @@
title: DIVDictionary
intro: On this page, the DIVD Dictionary, you can find a clarification of the cyber security words and phrases you can find on our website. The DIVDictionary intends to explain what each of the words specifically means for DIVD.
---
+
## Hacking
#### **(Ethical) Hacker**
@@ -18,7 +19,7 @@ An exploit is a malicious application, piece of code or script that can be used
At DIVD, we adhere to the ‘Principle of Proportionality’ and the ‘Principle of Subsidiarity’, as described in our [Code of Conduct](https://www.divd.nl/what-we-do/code-of-conduct/). This means that our research should increase and not decrease the integrity and availability of any online systems. If several means are available to meet the need, we opt for the one that has the least impact on the availability of the systems and services.
-####
+####
#### **Case**
@@ -45,13 +46,13 @@ Responsible disclosure helps protect users, maintains trust between (DIVD) resea
Security.txt is a proposed standard for websites to provide a clear and consistent way for security researchers to report security vulnerabilities. It involves placing a simple text file named security.txt in the well-known location /.well-known/ directory of a website (e.g., [https://example.com/.well-known/security.txt)](https://example.com/.well-known/security.txt)). This file contains contact information and other details that guide researchers on how to responsibly disclose security issues to the organization. Wanna make DIVD’s work easier? Put our [security.txt](https://securitytxt.org/) in the code of your website and our IP 194.5.73.0-255 on your allow list.
-####
+####
## Vulnerabilities
#### CVE
-CVE stands for "Common Vulnerabilities and Exposures", a [public list](https://cve.mitre.org/cve/search_cve_list.html) of known vulnerabilities in software. DIVD scans the internet for the presence of CVEs.
+CVE stands for "Common Vulnerabilities and Exposures", a [public list](https://cve.mitre.org/cve/search_cve_list.html) of known vulnerabilities in software. DIVD scans the internet for the presence of CVEs.
#### **High-Risk Vulnerability**
diff --git a/content/dictionary/_index.nl.md b/content/dictionary/_index.nl.md
index 296a0d7f..2271d5bc 100644
--- a/content/dictionary/_index.nl.md
+++ b/content/dictionary/_index.nl.md
@@ -5,4 +5,5 @@ intro: |-
But what are exactly are (zero-day) vulnerabilities, and why is it so important to find them as soon as possible? Find these (and other) frequently used cyber security definitions on this page.
---
+
.
diff --git a/content/faq/faq-operation-endgame.en.md b/content/faq/faq-operation-endgame.en.md
index 73ec3614..e350738e 100644
--- a/content/faq/faq-operation-endgame.en.md
+++ b/content/faq/faq-operation-endgame.en.md
@@ -10,14 +10,15 @@ intro: >-
The FAQ is available in English, Dutch, German, French, and Spanish.
- The Spanish translation is AI generated, there might be some translation flaws.
+ The Spanish translation is AI generated, there might be some translation flaws.
button_text: CASE FILE
button_url: https://csirt.divd.nl/cases/DIVD-2024-00019/
faqgroups:
- heading: English
faqs:
- title: Is this a scam?
- description: "It’s great that you’re skeptical. However, this is legit and
+ description:
+ "It’s great that you’re skeptical. However, this is legit and
definitely not a scam. This operation is a collaboration between the
Dutch National Police, Europol, Digital Trust Center, NCSC and others.
We, Dutch Institute of Vulnerability Disclosure (DIVD), are mentioned
@@ -25,12 +26,14 @@ faqgroups:
Hack. (translation: Check your Hack) FAQ also mentiones DIVD and
shares a link back to this casefile."
- title: Do you have my password?
- description: No, we do not have your password. We may have sent you an email
+ description:
+ No, we do not have your password. We may have sent you an email
containing a partial password, with only the last four characters
visible. This is the only part of your password we possess because the
Dutch Police ensured that all passwords were hidden before sharing the
data with us.
- - description: Yes it is. Under Dutch law and European privacy regulations, we can
+ - description:
+ Yes it is. Under Dutch law and European privacy regulations, we can
process this data based on a so-called “legitimate interest.”DIVD is a
private foundation that operates under a strict code of conduct, with
the aim to make the digital world safer.
@@ -57,13 +60,15 @@ faqgroups:
Deze operatie is een samenwerking tussen de Nederlandse Politie, Europol, het Digital Trust Center, NCSC-NL en anderen. Wij, het Dutch Institute of Vulnerability Disclosure (DIVD), worden genoemd in de persberichten van de Nederlandse Politie en Europol. De [‘Check je Hack' FAQ](https://www.politie.nl/informatie/veel-gestelde-vragen-over-check-je-hack.html) vermeldt ook DIVD en deelt een link naar de case van ons CSIRT.
title: "Is dit scam of phishing? "
- - description: Nee, we hebben je wachtwoord niet. We hebben je mogelijk een e-mail
+ - description:
+ Nee, we hebben je wachtwoord niet. We hebben je mogelijk een e-mail
gestuurd met een gedeeltelijk wachtwoord, waarbij alleen de laatste
vier tekens zichtbaar zijn. Dit is het enige deel van je wachtwoord
dat we bezitten. De Nederlandse Politie heeft alle wachtwoorden
gedeeltelijk verborgen voordat ze deze informatie deelden met anderen.
title: Hebben jullie mijn wachtwoord?
- - title: "Jullie hebben mijn persoonlijke gegevens zonder mijn toestemming, is dat
+ - title:
+ "Jullie hebben mijn persoonlijke gegevens zonder mijn toestemming, is dat
legaal? "
description: "Ja, dat is het. Volgens de Nederlandse wet en de Europese
privacyregels mogen wij deze gegevens verwerken op basis van een
@@ -71,13 +76,17 @@ faqgroups:
opereert onder een strikt gedragscode (zie: [Code of
Conduct](https://www.divd.nl/divd-nl-2024/what-we-do/code-of-conduct/\
)), met als doel de digitale wereld veiliger te maken."
- - title: "Weten jullie hoe de Nederlandse Politie aan deze informatie is gekomen?
+ - title:
+ "Weten jullie hoe de Nederlandse Politie aan deze informatie is gekomen?
"
- description: Nee, we hebben die informatie niet. We weten dat Operatie Endgame
+ description:
+ Nee, we hebben die informatie niet. We weten dat Operatie Endgame
informatie bevat van verschillende botnets.
- - title: "Gaan jullie de criminelen aanpakken die mijn informatie hebben gestolen?
+ - title:
+ "Gaan jullie de criminelen aanpakken die mijn informatie hebben gestolen?
"
- description: Nee, dat is een taak voor de wetshandhaving. Wij analyseren online
+ description:
+ Nee, dat is een taak voor de wetshandhaving. Wij analyseren online
bedreigingen, niet de daders. Ook notificeren wij de slachtoffers. Je
leest hier meer over in artikel 9 van onze [Code of
Conduct.](https://www.divd.nl/divd-nl-2024/what-we-do/code-of-conduct/)
@@ -89,7 +98,8 @@ faqgroups:
bedrijfsystemen, cloudservices en e-mailaccounts. Dit kan leiden tot
diefstal van gevoelige gegevens en mogelijk verdere aanvallen binnen
de organisatie.
- - title: Als jullie niet in opdracht van overheden of autoriteiten werkt, waarom
+ - title:
+ Als jullie niet in opdracht van overheden of autoriteiten werkt, waarom
werken jullie dan samen met de politie in deze zaak?
description: >-
Het handelen op basis van deze dataset is direct in lijn met artikel 3
@@ -101,7 +111,8 @@ faqgroups:
We analyseren elke database die we ontvangen, inclusief die van wetshandhaving instanties. We doen dit echter onafhankelijk, zonder enige verplichting of intentie om specifieke informatie in ruil daarvoor te delen.
- heading: German - Deutsch
faqs:
- - description: "Es ist großartig, dass Sie skeptisch sind. Diese Operation ist
+ - description:
+ "Es ist großartig, dass Sie skeptisch sind. Diese Operation ist
jedoch legitim und definitiv kein Betrug. Diese Operation ist eine
Zusammenarbeit zwischen der niederländischen Nationalpolizei, Europol,
dem Digital Trust Center, dem NCSC und anderen. Wir, das Dutch
@@ -110,37 +121,45 @@ faqgroups:
Die FAQ ‘Check je Hack’ (Übersetzung: Überprüfen Sie Ihren Hack)
erwähnt auch DIVD und teilt einen Link zu dieser Fallakte."
title: Ist das ein Betrug?
- - description: Nein, wir haben Ihr Passwort nicht. Wir haben Ihnen möglicherweise
+ - description:
+ Nein, wir haben Ihr Passwort nicht. Wir haben Ihnen möglicherweise
eine E-Mail mit einem Teil Ihres Passworts geschickt, wobei nur die
letzten vier Zeichen sichtbar sind. Dies ist der einzige Teil Ihres
Passworts, den wir besitzen, da die niederländische Polizei dafür
gesorgt hat, dass alle Passwörter vor dem Teilen der Daten mit uns
versteckt wurden.
title: Haben Sie mein Passwort?
- - description: Ja, das ist es. Nach niederländischem Recht und den europäischen
+ - description:
+ Ja, das ist es. Nach niederländischem Recht und den europäischen
Datenschutzbestimmungen dürfen wir diese Daten auf der Grundlage eines
sogenannten „berechtigten Interesses“ verarbeiten. DIVD ist eine
private Stiftung, die nach einem strengen Verhaltenskodex arbeitet,
mit dem Ziel, die digitale Welt sicherer zu machen.
- title: Sie verarbeiten meine persönlichen Daten ohne meine Zustimmung, ist das
+ title:
+ Sie verarbeiten meine persönlichen Daten ohne meine Zustimmung, ist das
legal?
- - description: "Nein, das werden wir nicht. Das ist eine Angelegenheit für die
+ - description:
+ "Nein, das werden wir nicht. Das ist eine Angelegenheit für die
Strafverfolgungsbehörden. Laut Artikel 9 unseres Verhaltenskodex: *Wir
analysieren Online-Bedrohungen, nicht die Bedrohungsakteure. Wir sind
Forscher und dienen nicht den Bedürfnissen von Regierungen oder
Strafverfolgungsbehörden.*"
- title: Werden Sie die Kriminellen verfolgen, die meine Informationen gestohlen
+ title:
+ Werden Sie die Kriminellen verfolgen, die meine Informationen gestohlen
haben?
- - description: Ein ADFS-Konto (Active Directory Federation Services) ermöglicht
+ - description:
+ Ein ADFS-Konto (Active Directory Federation Services) ermöglicht
eine einmalige Anmeldung für mehrere Anwendungen. Wenn Kriminelle
darauf zugreifen, können sie in Unternehmenssysteme, Cloud-Dienste und
E-Mail-Konten eindringen, was zum Diebstahl sensibler Daten und zu
weiteren potenziellen Angriffen innerhalb der Organisation führen
kann.
title: Was ist ein ADFS-Konto und was können Kriminelle damit machen?
- - description: Nein, wir kennen keine Einzelheiten, aber wir wissen, dass die
+ - description:
+ Nein, wir kennen keine Einzelheiten, aber wir wissen, dass die
Operation Endgame Informationen aus mehreren Botnets enthält.
- title: Wissen Sie, wie die niederländische Nationalpolizei diese Informationen
+ title:
+ Wissen Sie, wie die niederländische Nationalpolizei diese Informationen
erhalten hat?
- description: >-
Das Handeln auf Basis dieses Datensatzes steht direkt im Einklang mit
@@ -151,12 +170,14 @@ faqgroups:
Wir analysieren jede Datenbank, die wir erhalten, einschließlich der von Strafverfolgungsbehörden. Wir tun dies jedoch unabhängig, ohne jegliche Verpflichtung oder Absicht, spezifische Informationen im Gegenzug weiterzugeben.
- title: Wenn Sie „den Bedürfnissen von Regierungen oder Strafverfolgungsbehörden
+ title:
+ Wenn Sie „den Bedürfnissen von Regierungen oder Strafverfolgungsbehörden
nicht dienen“, warum arbeiten Sie dann in diesem Fall mit der
niederländischen Nationalpolizei zusammen?
- heading: French - Français
faqs:
- - description: "C'est bien que vous soyez sceptique. Cependant, ceci est légitime
+ - description:
+ "C'est bien que vous soyez sceptique. Cependant, ceci est légitime
et définitivement pas une arnaque. Cette opération est une
collaboration entre la Police Nationale Néerlandaise, Europol, le
Digital Trust Center, le NCSC et d'autres. Nous, Dutch Institute of
@@ -166,33 +187,39 @@ faqgroups:
le DIVD et partage un lien vers ce dossier."
title: Est-ce une arnaque ?
- title: Avez-vous mon mot de passe ?
- description: Non, nous n'avons pas votre mot de passe. Nous avons peut-être
+ description:
+ Non, nous n'avons pas votre mot de passe. Nous avons peut-être
envoyé un e-mail contenant un mot de passe partiel, avec seulement les
quatre derniers caractères visibles. C'est la seule partie de votre
mot de passe que nous possédons parce que la Police Néerlandaise a
veillé à ce que tous les mots de passe soient masqués avant de
partager les données avec nous.
- - description: Oui, c'est légal. Selon la loi néerlandaise et les réglementations
+ - description:
+ Oui, c'est légal. Selon la loi néerlandaise et les réglementations
européennes en matière de confidentialité, nous pouvons traiter ces
données sur la base d'un « intérêt légitime ». Le DIVD est une
fondation privée qui opère sous un code de conduite strict, avec pour
objectif de rendre le monde numérique plus sûr.
- title: Traitez-vous mes données personnelles sans mon consentement, est-ce légal
+ title:
+ Traitez-vous mes données personnelles sans mon consentement, est-ce légal
?
- - description: "Non, ce n'est pas notre rôle. C'est une affaire pour les forces de
+ - description:
+ "Non, ce n'est pas notre rôle. C'est une affaire pour les forces de
l'ordre. Selon l'article 9 de notre code de conduite: *Nous analysons
les menaces en ligne, pas les acteurs de ces menaces. Nous sommes des
chercheurs et ne répondons pas aux besoins des gouvernements ou des
forces de l'ordre.*"
title: Allez-vous poursuivre les criminels qui ont volé mes informations ?
- - description: Un compte ADFS (Active Directory Federation Services) permet une
+ - description:
+ Un compte ADFS (Active Directory Federation Services) permet une
authentification unique pour plusieurs applications. Si des criminels
y accèdent, ils peuvent infiltrer les systèmes d'entreprise, les
services cloud et les comptes de messagerie, ce qui peut entraîner le
vol de données sensibles et des attaques potentielles supplémentaires
au sein de l'organisation.
title: Qu'est-ce qu'un compte ADFS et que peuvent faire les criminels avec ?
- - description: Non, nous ne connaissons pas les détails, mais nous savons que
+ - description:
+ Non, nous ne connaissons pas les détails, mais nous savons que
l'Opération Endgame contient des informations provenant de plusieurs
botnets.
title: Savez-vous comment la police nationale néerlandaise a obtenu ces
@@ -205,12 +232,14 @@ faqgroups:
Nous analysons chaque base de données que nous recevons, y compris celles des forces de l'ordre. Cependant, nous le faisons de manière indépendante, sans aucune obligation ni intention de partager des informations spécifiques en retour.
- title: Si vous « ne servez pas les besoins des gouvernements ou des forces de
+ title:
+ Si vous « ne servez pas les besoins des gouvernements ou des forces de
l'ordre », pourquoi coopérez-vous avec la police nationale
néerlandaise dans cette affaire ?
- heading: "Spanish - Español "
faqs:
- - description: "Es genial que seas escéptico. Sin embargo, esto es legítimo y
+ - description:
+ "Es genial que seas escéptico. Sin embargo, esto es legítimo y
definitivamente no es una estafa. Esta operación es una colaboración
entre la Policía Nacional de los Países Bajos, Europol, el Digital
Trust Center, NCSC y otros. Nosotros, el Instituto Neerlandés de
@@ -220,35 +249,42 @@ faqgroups:
también menciona al DIVD y comparte un enlace a este caso."
title: ¿Es esto una estafa?
- title: ¿Tienes mi contraseña?
- description: No, no tenemos tu contraseña. Es posible que te hayamos enviado un
+ description:
+ No, no tenemos tu contraseña. Es posible que te hayamos enviado un
correo electrónico con una parte de tu contraseña, con solo los
últimos cuatro caracteres visibles. Esta es la única parte de tu
contraseña que poseemos porque la Policía Neerlandesa se aseguró de
que todas las contraseñas estuvieran ocultas antes de compartir los
datos con nosotros.
- - description: Sí, lo es. Según la ley neerlandesa y las regulaciones europeas de
+ - description:
+ Sí, lo es. Según la ley neerlandesa y las regulaciones europeas de
privacidad, podemos procesar estos datos en base a un “interés
legítimo”. El DIVD es una fundación privada que opera bajo un estricto
código de conducta, con el objetivo de hacer el mundo digital más
seguro.
- title: ¿Estás procesando mis datos personales sin mi consentimiento, es eso
+ title:
+ ¿Estás procesando mis datos personales sin mi consentimiento, es eso
legal?
- - description: "No, no lo haremos. Eso es una cuestión para las fuerzas del orden.
+ - description:
+ "No, no lo haremos. Eso es una cuestión para las fuerzas del orden.
Según el artículo 9 de nuestro código de conducta: Analizamos las
amenazas en línea, no a los actores de las amenazas. Somos
investigadores y no servimos a los intereses de los gobiernos o las
fuerzas del orden."
title: ¿Vas a perseguir a los criminales que robaron mi información?
- title: ¿Qué es una cuenta ADFS y qué pueden hacer los criminales con ella?
- description: Una cuenta ADFS (Active Directory Federation Services) permite el
+ description:
+ Una cuenta ADFS (Active Directory Federation Services) permite el
inicio de sesión único para múltiples aplicaciones. Si los criminales
acceden a ella, pueden infiltrarse en sistemas corporativos, servicios
en la nube y cuentas de correo electrónico, lo que puede llevar al
robo de datos sensibles y a posibles ataques adicionales dentro de la
organización.
- - description: No, no conocemos los detalles, pero sabemos que la Operación
+ - description:
+ No, no conocemos los detalles, pero sabemos que la Operación
Endgame contiene información de varios botnets.
- title: ¿Sabes cómo obtuvo la información la Policía Nacional de los Países
+ title:
+ ¿Sabes cómo obtuvo la información la Policía Nacional de los Países
Bajos?
- description: >-
Actuar sobre este conjunto de datos está directamente en línea con el
@@ -258,7 +294,8 @@ faqgroups:
Analizamos todas las bases de datos que recibimos, incluidas las de las fuerzas del orden. Sin embargo, lo hacemos de forma independiente, sin ninguna obligación o intención de compartir ninguna información específica a cambio
- title: Si "no sirven a los intereses de los gobiernos o las fuerzas del orden",
+ title:
+ Si "no sirven a los intereses de los gobiernos o las fuerzas del orden",
¿por qué están cooperando con la Policía Nacional de los Países Bajos
en este caso?
---
diff --git a/content/faq/new-frequently-asked-questions.en.md b/content/faq/new-frequently-asked-questions.en.md
index 19712183..3149c762 100644
--- a/content/faq/new-frequently-asked-questions.en.md
+++ b/content/faq/new-frequently-asked-questions.en.md
@@ -26,7 +26,8 @@ faqgroups:
tincidunt mi nisi accumsan libero. Integer quis erat id ante mattis
lobortis. Nam sed sapien et neque malesuada tincidunt in varius massa.
- title: Question 2
- description: Proin a tortor ut turpis sodales lacinia sed a orci. Vivamus
+ description:
+ Proin a tortor ut turpis sodales lacinia sed a orci. Vivamus
facilisis erat tortor, porta lobortis ligula egestas sed. Curabitur id
commodo ipsum, sed feugiat nulla. Nulla quis feugiat urna. Suspendisse
eget consequat turpis. Morbi commodo dui sed turpis hendrerit, eget
@@ -39,7 +40,8 @@ faqgroups:
lacinia.
- heading: FAQ Group 2
faqs:
- - description: Nulla quis leo in lorem tempor rhoncus nec eget sem. Morbi nec diam
+ - description:
+ Nulla quis leo in lorem tempor rhoncus nec eget sem. Morbi nec diam
ullamcorper, lobortis magna quis, viverra dui. Nullam facilisis
accumsan lorem in convallis. Quisque semper consequat metus eu
eleifend. Vestibulum in elit quis quam convallis efficitur ut et enim.
@@ -48,7 +50,8 @@ faqgroups:
risus. Etiam sed mollis est, non pellentesque erat.
title: Question 1
- title: Question 2
- description: In hac habitasse platea dictumst. Mauris non tortor blandit,
+ description:
+ In hac habitasse platea dictumst. Mauris non tortor blandit,
convallis erat id, rutrum risus. Praesent maximus facilisis nisi, eu
bibendum ex bibendum non. Aliquam eget libero erat. Phasellus lorem
purus, commodo vitae nunc eget, eleifend ultricies sem. Ut pulvinar
diff --git a/content/newsroom/articles/_index.en.md b/content/newsroom/articles/_index.en.md
index 7c46080f..9af1df98 100644
--- a/content/newsroom/articles/_index.en.md
+++ b/content/newsroom/articles/_index.en.md
@@ -1,4 +1,4 @@
---
title: "Articles"
type: "article"
----
\ No newline at end of file
+---
diff --git a/content/newsroom/articles/_index.nl.md b/content/newsroom/articles/_index.nl.md
index f2b045c7..50b90453 100644
--- a/content/newsroom/articles/_index.nl.md
+++ b/content/newsroom/articles/_index.nl.md
@@ -1,4 +1,4 @@
---
title: "Artikelen"
type: "article"
----
\ No newline at end of file
+---
diff --git a/content/newsroom/articles/article-on-municipalities.en.md b/content/newsroom/articles/article-on-municipalities.en.md
index 0f9db373..d2f6c904 100644
--- a/content/newsroom/articles/article-on-municipalities.en.md
+++ b/content/newsroom/articles/article-on-municipalities.en.md
@@ -6,9 +6,10 @@ author:
tag: news
intro: Veel gemeenten reageren te traag of niet adequaat genoeg op meldingen over beveiligingslekken. Deze zogenoemde Coordinated Vulnerability Disclosures (CVD meldingen) worden vaak gedaan door ethische hackers die zo het internet veiliger willen maken. Dit proces is de laatste jaren wel verbeterd, maar er blijft nog steeds een wereld te winnen voor de gemeenten. Dat blijkt uit een recent uitgevoerd onderzoek van de Universiteit Twente en Dutch Institute for Vulnerability Disclosure (DIVD) onder 114 Nederlandse gemeenten.
image: /images/articles/cybersecurity-freepik-2023-mk.webp
-Alt tag for image: ""
+alt: ""
faq_enabled: false
---
+
By [Koen van Hove](https://www.divd.nl/who-we-are/team/people/koen-van-hove/)
## Coordinated Vulnerability Disclosures bij gemeenten
@@ -31,9 +32,9 @@ De termijn die de Universiteit Twente in haar Coordinated Vulnerability Disclosu
{{< /callout >}}
-### 2. Kwaliteit van het respons
+### 2. Kwaliteit van het respons
-Bij **89 gemeenten** werd uiteindelijk bijgehouden of het beveiligingslek werd opgelost.
+Bij **89 gemeenten** werd uiteindelijk bijgehouden of het beveiligingslek werd opgelost.
{{< callout type="warning" >}}
diff --git a/content/newsroom/articles/article-on-municipalities.nl.md b/content/newsroom/articles/article-on-municipalities.nl.md
index 4f668c2c..c260375d 100644
--- a/content/newsroom/articles/article-on-municipalities.nl.md
+++ b/content/newsroom/articles/article-on-municipalities.nl.md
@@ -2,6 +2,7 @@
title: Test artikel
date: 2023-10-02T12:58:44.246Z
intro: Introductie case
-Alt tag for image: ""
+alt: ""
---
+
Dit is de body
diff --git a/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.en.md b/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.en.md
index 707a3838..1480d3b2 100644
--- a/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.en.md
+++ b/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.en.md
@@ -4,7 +4,7 @@ date: 2024-07-31T16:43:00+02:00
tag: news
intro: 1.5 million files are stored unprotected on the public internet, does this still happen? Unfortunately, yes, it still happens. Despite our familiarity with security policies, controls, and best practices. In this article, you can read how you can secure your AWS S3 buckets and why it is important to do it.
image: /images/6583bce8-b9bb-4182-b966-d80ab032b14e.jpg
-Alt tag for image: ""
+alt: ""
case:
caseid: ""
closed: false
@@ -24,6 +24,7 @@ faq:
intro: ""
url: ""
---
+
By [Serena de Pater](https://www.divd.nl/who-we-are/team/people/serena-de-pater/)
{{< callout type="warning" >}}
diff --git a/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.nl.md b/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.nl.md
index 15ec5579..400c3e9f 100644
--- a/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.nl.md
+++ b/content/newsroom/articles/buck-et-up-secure-your-aws-s3-buckets-now.nl.md
@@ -3,6 +3,7 @@ title: Buck-et up! Beveilig nu uw AWS S3 Buckets!
date: 2024-07-31T14:28:00.000Z
intro: 1,5 miljoen bestanden onbeveiligd opgeslagen op het openbare internet, gebeurt dit nog steeds? Helaas, ja, het gebeurt nog steeds. Ondanks onze bekendheid met beveiligingsbeleid, controles en best practices. In dit artikel lees je hoe je je AWS S3 buckets kunt beveiligen en waarom het belangrijk is om dit te doen.
---
+
In 2022 ontdekte een groep beveiligingsonderzoekers een verkeerd geconfigureerde Amazon S3-bucket waardoor 3 TB aan gegevens werd blootgelegd. We hebben het hier niet over willekeurige bits en bytes, maar onder die 1,5 miljoen onbeveiligde bestanden bevonden zich gegevens van luchthavenmedewerkers, foto's van ID-kaarten en persoonlijk identificeerbare informatie (PII), waaronder namen, foto's, beroepen en nationale ID-nummers die teruggingen tot ten minste 2018. Andere informatie die kon worden achterhaald was in de vorm van mobiele Android-apps die worden gebruikt door beveiligingspersoneel om te helpen bij verschillende taken, zoals het melden van incidenten. Volgens SafetyDetectives werd de Amazon S3 bucket open en toegankelijk gelaten, zonder verificatieprocedures.
In dit artikel lees je hoe je je AWS-buckets kunt beveiligen en waarom het belangrijk is om dat te doen.
diff --git a/content/newsroom/articles/case-apache-log4j2.en.md b/content/newsroom/articles/case-apache-log4j2.en.md
index 2575bcdf..125d4f5e 100644
--- a/content/newsroom/articles/case-apache-log4j2.en.md
+++ b/content/newsroom/articles/case-apache-log4j2.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: Apache reported a remote code execution vulnerability in Apache Log4j2, the vulnerability in the Log framework of Apache makes it possible to misuse the record log information feature. This makes it possible for an attacker to construct special data request packets through this vulnerable component, and ultimately trigger remote code execution.
image: /images/DIVD-Lof4J casefile.png
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2021-00038
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2021-00038/
+ link:
+ label: DIVD-2021-00038
+ url: https://csirt.divd.nl/cases/DIVD-2021-00038/
+ invertedColors: true
+ external: false
lead: Victor Gevers
leadlink: https://www.divd.nl/who-we-are/team/people/victor-gevers/
researchers:
diff --git a/content/newsroom/articles/case-apache-log4j2.nl.md b/content/newsroom/articles/case-apache-log4j2.nl.md
index cf2896f7..d50eef15 100644
--- a/content/newsroom/articles/case-apache-log4j2.nl.md
+++ b/content/newsroom/articles/case-apache-log4j2.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: Apache heeft een kwetsbaarheid gemeld voor het op afstand uitvoeren van code in Apache Log4j2. De kwetsbaarheid in het Log-framework van Apache maakt het mogelijk om misbruik te maken van de functie Record Log Information. Dit maakt het mogelijk voor een aanvaller om speciale dataverzoekpakketten samen te stellen via deze kwetsbare component, en uiteindelijk code-uitvoering op afstand te veroorzaken.
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-atlassian-confluence.en.md b/content/newsroom/articles/case-atlassian-confluence.en.md
index ef4ecfd3..12327c0e 100644
--- a/content/newsroom/articles/case-atlassian-confluence.en.md
+++ b/content/newsroom/articles/case-atlassian-confluence.en.md
@@ -4,11 +4,15 @@ date: 2023-12-18T22:00:00+01:00
tag: case
intro: After Veloxity identified a zero-day vulnerability, DIVD, DTC, and NSM cooperated to reach out to notify 18.469 vulnerable ISPs.
image: /images/articles/what-do-you-need-to-know-about-atlassian-confluence-rce-vulnerability-1200x675.webp
-Alt tag for image: ""
+alt: ""
case:
caseid: 2022-00033
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2022-00033/
+ link:
+ label: DIVD-2021-00033
+ url: https://csirt.divd.nl/cases/DIVD-2022-00033/
+ invertedColors: true
+ external: false
lead: Frank Breedijk
leadlink: https://www.divd.nl/who-we-are/team/people/frank-breedijk/
researchers:
@@ -20,6 +24,7 @@ case:
link: ""
faq_enabled: false
---
+
On May 30th – Memorial Day 2022 – researchers of the Washington DC-based cybersecurity firm [Volexity ](https://www.volexity.com/)started an investigation after one of the customers detected suspicious activity on two internet-facing web servers, that were running Atlassian Confluence Server software.
As the Volexity researchers delved deeper into their investigations, they discovered web shells being written to the disk, and upon further analysis, they were able to recreate the exploit and so identified a zero-day vulnerability in the current versions of the Confluence Server and Data Center. This software, used by governments, banks, and critical infrastructure, was under attack. Volexity acted quickly, contacting Atlassian on May 31, 2022, to report the relevant details of their findings. At the time of discovery, this exploit was only used in a very targeted way.
diff --git a/content/newsroom/articles/case-atlassian-confluence.nl.md b/content/newsroom/articles/case-atlassian-confluence.nl.md
index a73726d8..442faa34 100644
--- a/content/newsroom/articles/case-atlassian-confluence.nl.md
+++ b/content/newsroom/articles/case-atlassian-confluence.nl.md
@@ -2,11 +2,12 @@
title: "CASE: ATLASSIAN CONFLUENCE"
date: 2023-12-18T21:00:49.275Z
intro: Nadat Veloxity een zero-day kwetsbaarheid had geïdentificeerd, werkten DIVD, DTC en NSM samen om 18.469 kwetsbare ISP's op de hoogte te stellen.
-Alt tag for image: ""
+alt: ""
case:
caseid: 2022-00033
closed: true
---
+
Op 30 mei - Memorial Day 2022 - startten onderzoekers van het in Washington DC gevestigde cyberbeveiligingsbedrijf Volexity een onderzoek nadat een van de klanten verdachte activiteit had ontdekt op twee webservers die op internet waren gericht en waarop Atlassian Confluence Server-software draaide.
Toen de Volexity-onderzoekers dieper in hun onderzoek doken, ontdekten ze dat er webshells naar de schijf werden geschreven. Na verdere analyse waren ze in staat om de exploit na te maken en zo een zero-day kwetsbaarheid te identificeren in de huidige versies van de Confluence Server en het Data Center. Deze software, die wordt gebruikt door overheden, banken en kritieke infrastructuur, werd aangevallen. Volexity handelde snel en nam op 31 mei 2022 contact op met Atlassian om de relevante details van hun bevindingen te melden. Op het moment van ontdekking werd deze exploit slechts zeer gericht gebruikt.
diff --git a/content/newsroom/articles/case-connectwise-screenconnect.en.md b/content/newsroom/articles/case-connectwise-screenconnect.en.md
deleted file mode 100644
index 5f5701e3..00000000
--- a/content/newsroom/articles/case-connectwise-screenconnect.en.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: "CASE: AUTHENTICATION BYPASS & REMOTE CODE EXECUTION IN CONNECTWISE SCREENCONNECT"
-date: 2023-10-02T15:03:00+02:00
-tag: case
-intro: A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.
-image: /images/articles/connectwise.webp
-Alt tag for image: ""
-case:
- caseid: DIVD-2024-00008
- closed: false
- link: https://csirt.divd.nl/cases/DIVD-2024-00008/
- lead: Stan Plasmeijer
- leadlink: https://www.divd.nl/who-we-are/team/people/stan-plasmeijer/
- researchers:
- - label: Jeroen de Baare
- link: https://www.divd.nl/who-we-are/team/people/jeroen-de-baare/
- - label: Barre Dijkstra
- link: https://www.divd.nl/who-we-are/team/people/barre-dijkstra/
-faq_enabled: false
----
-## SUMMARY
-
-A critical security issue was recently identified in ConnectWise ScreenConnect. If abused, the flaw may enable an unauthenticated attacker to bypass the authentication and execute remote code or directly impact confidential data or critical systems.
-
-## RECOMMENDATIONS
-
-ConnectWise recommends partners update their ScreenConnect to version 23.9.8. ConnectWise will also provide updated versions of releases 22.4 through 23.9.7 for the critical issue but strongly recommends that partners update to ScreenConnect version 23.9.8.
-
-## WHAT WE ARE DOING
-
-DIVD is currently working to identify vulnerable instances and notify the owners of these systems.
-
-## MORE INFORMATION
-
-- [ConnectWise ScreenConnect 23.9.8 security fix](https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8)
-- [Detection Guidance for ConnectWise CVE-2024-1709](https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2)
-- [CVE-2024-1708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1708)
-- [CVE-2024-1709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1709)
diff --git a/content/newsroom/articles/case-connectwise-screenconnect.nl.md b/content/newsroom/articles/case-connectwise-screenconnect.nl.md
deleted file mode 100644
index 63a15d57..00000000
--- a/content/newsroom/articles/case-connectwise-screenconnect.nl.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-title: Test case
-date: 2023-10-02T13:03:04.852Z
-intro: This is a test case
-case:
- caseid: DIVD-2024-00008
- closed: false
- link: https://divd.nl
----
-This case was amazing!
diff --git a/content/newsroom/articles/case-exposed-bacnet-devices.en.md b/content/newsroom/articles/case-exposed-bacnet-devices.en.md
index 83e599c1..49953a74 100644
--- a/content/newsroom/articles/case-exposed-bacnet-devices.en.md
+++ b/content/newsroom/articles/case-exposed-bacnet-devices.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: A DIVD researcher discovered multiple vulnerabilities in SmarterMail. Both vulnerabilities were found within the webmail frontend of SmarterMail.
image: /images/articles/smartermail-vulnerability-divd.png
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2021-00006
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2021-00006/
+ link:
+ label: DIVD-2021-00006
+ url: https://csirt.divd.nl/cases/DIVD-2021-00006/
+ invertedColors: false
+ external: true
lead: Lennaert Oudshoorn
leadlink: https://www.divd.nl/people/Lennaert%20Oudshoorn/
researchers:
@@ -21,6 +25,7 @@ case:
link: https://www.divd.nl/who-we-are/team/people/wietse-boonstra/
faq_enabled: false
---
+
DIVD notified SmarterTools Inc. of the following vulnerabilities:
- [CVE-2021-43977](https://csirt.divd.nl/cves/CVE-2021-43977) - SmarterTools SmarterMail before 100.0.7803 (May 13, 2021) and 16.x allows XSS.
diff --git a/content/newsroom/articles/case-exposed-bacnet-devices.nl.md b/content/newsroom/articles/case-exposed-bacnet-devices.nl.md
index 23ae9104..cb355648 100644
--- a/content/newsroom/articles/case-exposed-bacnet-devices.nl.md
+++ b/content/newsroom/articles/case-exposed-bacnet-devices.nl.md
@@ -7,4 +7,5 @@ case:
caseid: DIVD-2022-00005
closed: true
---
+
CASE: SMARTERMAIL
diff --git a/content/newsroom/articles/case-facebook-leak.en.md b/content/newsroom/articles/case-facebook-leak.en.md
index 56334cf2..55fd950b 100644
--- a/content/newsroom/articles/case-facebook-leak.en.md
+++ b/content/newsroom/articles/case-facebook-leak.en.md
@@ -5,7 +5,7 @@ author: []
tag: case
intro: On April 4 several news platforms reported personal data of 533 million Facebook users was leaked. This is actually a non-report, but it demonstrates where we draw the boundaries on what we can and cannot do according to our code of conduct.
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-facebook-leak.nl.md b/content/newsroom/articles/case-facebook-leak.nl.md
index 1ba729da..fe842f0b 100644
--- a/content/newsroom/articles/case-facebook-leak.nl.md
+++ b/content/newsroom/articles/case-facebook-leak.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: Op 4 april meldden verschillende nieuwsplatforms dat persoonlijke gegevens van 533 miljoen Facebook-gebruikers waren uitgelekt. Dit is eigenlijk een niet-rapport, maar het laat zien waar we de grenzen trekken van wat we wel en niet kunnen doen volgens onze gedragscode.
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-ivanti.en.md b/content/newsroom/articles/case-ivanti.en.md
index 6610c2b5..8d52c139 100644
--- a/content/newsroom/articles/case-ivanti.en.md
+++ b/content/newsroom/articles/case-ivanti.en.md
@@ -3,11 +3,15 @@ title: "CASE: Attackers exploit zero day vulnerabilities in Ivanti software, and
date: 2024-07-03T21:27:00+02:00
tag: case
intro: "An unknown attacker exploited several zero-day vulnerabilities in two Ivanti services: Ivanti EPMM and Avanti Sentry. The DIVD helped notify users of Ivanti software."
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2023-00031
closed: false
- link: https://csirt.divd.nl/cases/DIVD-2023-00031/
+ link:
+ label: DIVD-2023-00031
+ url: https://csirt.divd.nl/cases/DIVD-2023-00031/
+ invertedColors: false
+ external: true
lead: Lennaert Oudshoorn
leadlink: https://www.divd.nl/who-we-are/team/people/lennaert/
researchers:
@@ -21,11 +25,12 @@ faq:
intro: ""
url: ""
---
-On Monday, July 24, 2023, it became clear that the Norwegian government had fallen victim to a cyberattack. The Norwegian Government Security and Service Organisation (DSS) and the Norwegian National Security Authority (NSM) reported that they had been targeted in an attack on an ICT platform used by twelve ministries. And they were not the only victims, as revealed by the story of Tor Bjørsted and Erlend Leiknes, two researchers from the company Memnonic (1).
+
+On Monday, July 24, 2023, it became clear that the Norwegian government had fallen victim to a cyberattack. The Norwegian Government Security and Service Organisation (DSS) and the Norwegian National Security Authority (NSM) reported that they had been targeted in an attack on an ICT platform used by twelve ministries. And they were not the only victims, as revealed by the story of Tor Bjørsted and Erlend Leiknes, two researchers from the company Memnonic (1).
### Zero-days
-Bjørsted and Leiknes could not share the names of other affected entities.
+Bjørsted and Leiknes could not share the names of other affected entities.
The Norwegian government contacted Memnonic's incident response team. Researchers from Memnonic discovered that an unknown attacker had exploited several zero-day vulnerabilities in two Ivanti services: Ivanti EPMM and Avanti Sentry.
@@ -33,13 +38,13 @@ Ivanti is a software company that provides IT management products, including dev
Ivanti Endpoint Manager Mobile (Ivanti EPMM) is a software engine for managing mobile devices that enables IT to set policies for mobile devices, applications, and content. With EPMM, an organization can maintain control over mobile devices and their applications within the organization.
-Ivanti Sentry is a gateway that manages and encrypts traffic between a company's mobile devices and backend systems.
+Ivanti Sentry is a gateway that manages and encrypts traffic between a company's mobile devices and backend systems.
-Members of the Memnonic incident response team managed to find two vulnerabilities in Ivanti EPMM and notified Ivanti.
+Members of the Memnonic incident response team managed to find two vulnerabilities in Ivanti EPMM and notified Ivanti.
On July 23 Ivanti published a patch for the first vulnerability ([CVE 2023-35078](https://nvd.nist.gov/vuln/detail/cve-2023-35078)) and on July 28 a patch for the second vulnerability ([CVE 2023-35081](https://nvd.nist.gov/vuln/detail/CVE-2023-35081)).
-CVE-2023-35078 allows an unauthenticated attacker to access the API remotely and, if exploited, enables an unauthorized, remotely accessible (via the internet) actor to potentially access personally identifiable information of users.
+CVE-2023-35078 allows an unauthenticated attacker to access the API remotely and, if exploited, enables an unauthorized, remotely accessible (via the internet) actor to potentially access personally identifiable information of users.
CVE-2023-35081 is a path traversal vulnerability, which, when combined with CVE-2023-35078, allows code execution on the EPMM server. It appeared that the attacker used the vulnerabilities in conjunction with a third vulnerability in Ivanti Sentry. It took a bit longer to find this third vulnerability (CVE-2023-38035). Eventually, Bjørsted and Leiknes succeeded, and the entire chain was revealed.
diff --git a/content/newsroom/articles/case-ivanti.nl.md b/content/newsroom/articles/case-ivanti.nl.md
index f457d88a..9051578a 100644
--- a/content/newsroom/articles/case-ivanti.nl.md
+++ b/content/newsroom/articles/case-ivanti.nl.md
@@ -3,4 +3,5 @@ title: .
date: 2024-07-03T19:27:00.000Z
intro: .
---
+
.
diff --git a/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.en.md b/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.en.md
index 7d80ac9e..3dc0b4c6 100644
--- a/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.en.md
+++ b/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: In April 2021 Dutch hackers found a number of vulnerabilities in software used by Kaseya, a business that makes tools for system managers working remotely. This is a translation of a chapter from the book Hackers by Gerard Janssen. This chapter starts after the story of Dutch hacker Victor Gevers discovered that two-factor authentication of Donald Trump’s Twitter account was disabled and guessed his Twitter password, in November 2020.
image: ""
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2021-00002
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2021-00002/
+ link:
+ label: DIVD-2021-00002
+ url: https://csirt.divd.nl/cases/DIVD-2021-00002/
+ invertedColors: false
+ external: true
lead: Frank Breedijk
leadlink: https://www.divd.nl/who-we-are/team/people/frank-breedijk/
researchers:
diff --git a/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.nl.md b/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.nl.md
index d5551015..fc7534b4 100644
--- a/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.nl.md
+++ b/content/newsroom/articles/case-kaseya-vsa-behind-the-scenes.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: xx
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-kaseya.en.md b/content/newsroom/articles/case-kaseya.en.md
index eb0c5ba5..3dd15b02 100644
--- a/content/newsroom/articles/case-kaseya.en.md
+++ b/content/newsroom/articles/case-kaseya.en.md
@@ -6,11 +6,15 @@ author:
- /who-we-are/team/people/joost-hendricksen
tag: case
intro: On March 23, 2021, DIVD volunteer Wietse Boonstra found six zero-day vulnerabilities in IT management software from Kaseya, a Miami-based company. This turned out to be one of the biggest (ransomware) cases in history, a case with a huge impact worldwide.
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2021-00002
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2021-00002/
+ link:
+ label: DIVD-2021-00002
+ url: https://csirt.divd.nl/cases/DIVD-2021-00002/
+ invertedColors: false
+ external: true
lead: Frank Breedijk
leadlink: https://www.divd.nl/who-we-are/team/people/frank-breedijk/
researchers:
diff --git a/content/newsroom/articles/case-kaseya.nl.md b/content/newsroom/articles/case-kaseya.nl.md
index 4b9593fb..3a055b15 100644
--- a/content/newsroom/articles/case-kaseya.nl.md
+++ b/content/newsroom/articles/case-kaseya.nl.md
@@ -5,9 +5,10 @@ author:
- /who-we-are/team/people/victor-gevers
- /who-we-are/team/people/joost-hendricksen
intro: Dit is een test artikel
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2021-00002
closed: true
---
+
The body
diff --git a/content/newsroom/articles/case-leaked-phishing-credentials-zoom.en.md b/content/newsroom/articles/case-leaked-phishing-credentials-zoom.en.md
index 7e57ede9..95cc1e7e 100644
--- a/content/newsroom/articles/case-leaked-phishing-credentials-zoom.en.md
+++ b/content/newsroom/articles/case-leaked-phishing-credentials-zoom.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: At the end of November 2020, criminals conducted a phishing campaign that mimicked Zoom message invites and notifications about mail quarantine. On January 1, 2021, email notifications were sent to the victims of this phishing scheme. In total, 370 emails were distributed.
image: /images/DIVD-casefile.png
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2020-00013
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2020-00013/
+ link:
+ label: DIVD-2020-00013
+ url: https://csirt.divd.nl/cases/DIVD-2020-00013/
+ invertedColors: false
+ external: true
lead: Frank Breedijk
leadlink: https://www.divd.nl/who-we-are/team/people/frank-breedijk/
researchers:
diff --git a/content/newsroom/articles/case-leaked-phishing-credentials-zoom.nl.md b/content/newsroom/articles/case-leaked-phishing-credentials-zoom.nl.md
index cf85cf1a..018dfe98 100644
--- a/content/newsroom/articles/case-leaked-phishing-credentials-zoom.nl.md
+++ b/content/newsroom/articles/case-leaked-phishing-credentials-zoom.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: intro
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.en.md b/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.en.md
index 15a3aa51..0bddb9f0 100644
--- a/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.en.md
+++ b/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: On March 10, 2020, Microsoft published information about a serious vulnerability in Microsoft’s Server Block Protocol version 3. The vulnerability (CVE-2020-0796) is a remote code execution vulnerability that exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
image: ""
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2020-00006
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2020-00006/
+ link:
+ label: DIVD-2020-00006
+ url: https://csirt.divd.nl/cases/DIVD-2020-00006/
+ invertedColors: false
+ external: true
lead: Sander Spierenburg
leadlink: ""
researchers:
diff --git a/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.nl.md b/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.nl.md
index e285df82..781ba568 100644
--- a/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.nl.md
+++ b/content/newsroom/articles/case-smbv3-server-compression-transform-header-memory-corruption.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: intro
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-solarwinds-orion.en.md b/content/newsroom/articles/case-solarwinds-orion.en.md
index 59cc0002..f03a4dfa 100644
--- a/content/newsroom/articles/case-solarwinds-orion.en.md
+++ b/content/newsroom/articles/case-solarwinds-orion.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: On December 8, 2020, FireEye announced that the company had fallen victim to a hack. DIVD scanned for Supernova and found around 700 vulnerable Solarwinds Orion systems facing the internet, worldwide, including systems of foreign defense units and satellite communication. Eight of these systems used IP addresses from the Netherlands.
image: ""
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2020-00014
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2020-00014/
+ link:
+ label: DIVD-2020-00014
+ url: https://csirt.divd.nl/cases/DIVD-2020-00014/
+ invertedColors: false
+ external: true
lead: Barry van Kampen
leadlink: https://www.divd.nl/who-we-are/team/people/barry-van-kampen/
researchers:
diff --git a/content/newsroom/articles/case-solarwinds-orion.nl.md b/content/newsroom/articles/case-solarwinds-orion.nl.md
index 034032a6..bc83e546 100644
--- a/content/newsroom/articles/case-solarwinds-orion.nl.md
+++ b/content/newsroom/articles/case-solarwinds-orion.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: xx
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/case-teamcity.en.md b/content/newsroom/articles/case-teamcity.en.md
index 2f179656..3bcd0da8 100644
--- a/content/newsroom/articles/case-teamcity.en.md
+++ b/content/newsroom/articles/case-teamcity.en.md
@@ -1,22 +1,24 @@
---
title: "CASE : AUTHENTICATION BYPASS IN JETBRAINS TEAMCITY"
-date: 2023-10-05T21:18:58.544Z
+date: 2023-10-05T21:18:00+02:00
tag: case
-intro: A critical security issue was recently identified in TeamCity
- On-Premises. If abused, the flaw may enable an unauthenticated attacker with
- HTTP(S) access to a TeamCity server to perform bypass authentication checks
- and gain administrative control of that TeamCity server.
+intro: A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform bypass authentication checks and gain administrative control of that TeamCity server.
image: /images/articles/divd-2024-00009-authentication-bypass-in-jetbrains-teamcity.png
-image_alt: Picture of a bug (insect)
+alt: ""
case:
caseid: DIVD-2024-00009
- link: https://csirt.divd.nl/cases/DIVD-2024-00009/
+ link:
+ label: DIVD-2024-00009
+ url: https://csirt.divd.nl/cases/DIVD-2024-00009/
+ invertedColors: false
+ external: true
lead: Alwin Warringa
leadlink: https://www.divd.nl/people/Alwin%20Warringa/
researchers:
- label: Alwin Warringa
link: https://www.divd.nl/people/Alwin%20Warringa/
- label: Gerben van der Wel
+image_alt: Picture of a bug (insect)
---
## SUMMARY
@@ -32,6 +34,6 @@ DIVD is currently working to identify vulnerable instances and notify the owners
## MORE INFORMATION
-* [JetBrains Advisory](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/)
-* [CVE-2024-27198](https://nvd.nist.gov/vuln/detail/CVE-2024-27198)
-* [CVE-2024-27199](https://nvd.nist.gov/vuln/detail/CVE-2024-27199)
\ No newline at end of file
+- [JetBrains Advisory](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/)
+- [CVE-2024-27198](https://nvd.nist.gov/vuln/detail/CVE-2024-27198)
+- [CVE-2024-27199](https://nvd.nist.gov/vuln/detail/CVE-2024-27199)
diff --git a/content/newsroom/articles/case-teamcity.nl.md b/content/newsroom/articles/case-teamcity.nl.md
index c68cfb31..3c5c5999 100644
--- a/content/newsroom/articles/case-teamcity.nl.md
+++ b/content/newsroom/articles/case-teamcity.nl.md
@@ -3,6 +3,7 @@ title: Test article with image
date: 2023-10-05T21:18:58.567Z
intro: This is the introduction text of the article
image: /images/articles/agracadavra.png
+alt: ""
image_alt: Picture of a bug (insect)
---
-The body of the article
\ No newline at end of file
+The body of the article
diff --git a/content/newsroom/articles/case-with-new-properties.en.md b/content/newsroom/articles/case-with-new-properties.en.md
deleted file mode 100644
index 1a0606bd..00000000
--- a/content/newsroom/articles/case-with-new-properties.en.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: "CASE: EXPOSED BACNET DEVICES"
-date: 2023-12-19T13:42:20.205Z
-author: []
-tag: case
-intro: During the Log4J crisis, researchers uncovered BACnet devices with open
- ports. Upon further investigation, more devices have been found running the
- BACnet protocol.
-image: /images/articles/bacnet-exposed-devies-divd.png
-Alt tag for image: ""
-case:
- caseid: 2022-00005
- link: https://csirt.divd.nl/cases/DIVD-2022-00005/
- lead: Ruben Uithol
- leadlink: ""
- researchers:
- - label: Arthur Miron
- link: ""
- - label: Patrick Hulshof
- closed: true
----
-BACnet, or Building Automation and Control Networks, is a widely adopted communication protocol designed for building automation and control systems. Established as an international standard by the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE), BACnet facilitates communication and interoperability between devices and systems used in areas such as heating, ventilation, air-conditioning (HVAC), lighting, access, and fire detection. It is employed worldwide in commercial, industrial, and residential buildings to ensure effective and efficient building management.
-
-These systems might be at risk of unauthorized access or manipulation by threat actors. Communication can be unencrypted and without proper authentication mechanisms, making it potentially vulnerable to interception or tampering. An exposed BACnet port also increases the attack surface of the Siemens systems, potentially allowing attackers to gain access to other parts of the network and causing further damage.
-
-The unintended exposure of BACnet ports poses potential security threats and may open the door to unauthorized access to essential building infrastructure. In our initial investigation, we used Shodan to explore BACnet-port 47808. The search revealed a total of 29,736 systems were exposed. Following this, we conducted a scan and found 12,572 vulnerable BACnet systems. The respective owners of these systems were promptly notified and provided with strategic advice to restrict access to their BACnet controllers.
diff --git a/content/newsroom/articles/case-with-new-properties.nl.md b/content/newsroom/articles/case-with-new-properties.nl.md
deleted file mode 100644
index fc1660d5..00000000
--- a/content/newsroom/articles/case-with-new-properties.nl.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: Case with new properties
-date: 2023-12-19T13:42:20.212Z
-author: []
-intro: This is the introduction
-Alt tag for image: Gate to enlightenment
-case:
- caseid: 2022-00005
- link: https://case.divd.nl/123
- lead: Banana
- leadlink: https://banana.nl
- researchers:
- - label: Pear
- link: https://pear.nl
- - label: Lemon
- closed: true
----
-This is the body of the article
-
-With some markup for **bold** and *italic*
-
-### And a header
-
-> and a quote
-
-Dont forget a [link](http://pear.nl)
diff --git a/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.en.md b/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.en.md
index 99cbcaf5..c9011e16 100644
--- a/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.en.md
+++ b/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.en.md
@@ -5,11 +5,15 @@ author: []
tag: case
intro: DIVD researchers have discovered and, in collaboration with the vendor, disclosed six new zero-day vulnerabilities in Enphase IQ Gateway devices.
image: /images/image (1).png
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2024-00011
closed: false
- link: https://csirt.divd.nl/cases/DIVD-2024-00011/
+ link:
+ label: DIVD-2024-00011
+ url: https://csirt.divd.nl/cases/DIVD-2024-00011/
+ invertedColors: false
+ external: true
lead: Frank Breedijk
leadlink: https://www.divd.nl/who-we-are/team/people/frank-breedijk/
researchers:
@@ -25,16 +29,17 @@ case:
faq_enabled: false
faq: null
---
+
**The Hague, Netherlands – Aug 12, 2024**
by [Serena de Pater](https://www.divd.nl/who-we-are/team/people/serena-de-pater/) and [Marieke Smits](https://www.divd.nl/who-we-are/team/people/marieke-smits/)
## About the case
-DIVD researchers have discovered and, in collaboration with the vendor, disclosed **six new zero-day vulnerabilities** in [Enphase IQ Gateway devices](https://enphase.com/cybersecurity/advisories/ensa-2024-6?_gl=1*ut63dx*_up*MQ..*_ga*MTU3MzcwMTgxMC4xNzIzMzY5ODY2*_ga_0L7F5QSJ7V*MTcyMzM2OTg2NS4xLjAuMTcyMzM2OTg2NS4wLjAuMA..). This investigation was conducted by [Wietse Boonstra](https://www.divd.nl/who-we-are/team/people/wietse-boonstra/) and [Hidde Smit](https://www.divd.nl/who-we-are/team/people/hidde-smit/), both researchers at DIVD, under case [DIVD-2024-00011](https://csirt.divd.nl/DIVD-2024-00011).
+DIVD researchers have discovered and, in collaboration with the vendor, disclosed **six new zero-day vulnerabilities** in [Enphase IQ Gateway devices](https://enphase.com/cybersecurity/advisories/ensa-2024-6?_gl=1*ut63dx*_up*MQ..*_ga*MTU3MzcwMTgxMC4xNzIzMzY5ODY2*_ga_0L7F5QSJ7V*MTcyMzM2OTg2NS4xLjAuMTcyMzM2OTg2NS4wLjAuMA..). This investigation was conducted by [Wietse Boonstra](https://www.divd.nl/who-we-are/team/people/wietse-boonstra/) and [Hidde Smit](https://www.divd.nl/who-we-are/team/people/hidde-smit/), both researchers at DIVD, under case [DIVD-2024-00011](https://csirt.divd.nl/DIVD-2024-00011).
Additionally, DIVD has independently assigned CVE IDs (Common Vulnerabilities and Exposure IDs). This highlights DIVD's role as a CVE Numbering Authority (CNA), which distinguishes it from other similar organisations.
-The six vulnerabilities were reported to Enphase by the DIVD team, and Enphase has addressed them in their next release, which they are currently rolling out to their customers. DIVD is working with Enphase to identify vulnerable and exposed Envoy IQ Gateways globally to assist with the patching process.
+The six vulnerabilities were reported to Enphase by the DIVD team, and Enphase has addressed them in their next release, which they are currently rolling out to their customers. DIVD is working with Enphase to identify vulnerable and exposed Envoy IQ Gateways globally to assist with the patching process.
## Impact
@@ -44,15 +49,15 @@ Combining the first three of the six vulnerabilities enables unauthenticated att
The energy sector is crucial to our daily lives, yet we're seeing a concerning rise in vulnerabilities, especially with the rapid energy transition. As new technologies like smart grids and IoT devices are integrated, the sector's exposure to risks increases. This surge in vulnerabilities likely stems from the fast-paced innovation that often outstrips security measures. Given the sector's importance, it's vital to prioritize cybersecurity to safeguard against these growing threats.
-In 2022, DIVD researcher [Jelle Ursem](https://www.divd.nl/who-we-are/team/people/jelle-ursem/) found a GitHub repository that contained [SolarMan's Super Admin account login details](https://csirt.divd.nl/cases/DIVD-2022-00009/). These were visible to anyone who visited the page and could have allowed cybercriminals to manage around 1 million solar panel inverters globally, which thankfully did not happen due to responsible disclosure.
+In 2022, DIVD researcher [Jelle Ursem](https://www.divd.nl/who-we-are/team/people/jelle-ursem/) found a GitHub repository that contained [SolarMan's Super Admin account login details](https://csirt.divd.nl/cases/DIVD-2022-00009/). These were visible to anyone who visited the page and could have allowed cybercriminals to manage around 1 million solar panel inverters globally, which thankfully did not happen due to responsible disclosure.
-> *“At DIVD, we sincerely hope that preventive actions are taken to address vulnerabilities and weaknesses before any disaster occurs. We already found multiple vulnerabilities at charge points and their backends, which we reported. And according to [a research on the impact of a hack on the charging infrastructure by Berenschot](https://www.agendalaadinfrastructuur.nl/ondersteuning+gemeenten/documenten+en+links/documenten+in+bibliotheek/handlerdownloadfiles.ashx?idnv=2135552) a blackout would cost us at least multiple billions of euros each day in the Netherlands”. - [Harm van den Brink](https://www.divd.nl/who-we-are/team/people/harm-van-den-brink/) (Researcher Energy)*
+> _“At DIVD, we sincerely hope that preventive actions are taken to address vulnerabilities and weaknesses before any disaster occurs. We already found multiple vulnerabilities at charge points and their backends, which we reported. And according to [a research on the impact of a hack on the charging infrastructure by Berenschot](https://www.agendalaadinfrastructuur.nl/ondersteuning+gemeenten/documenten+en+links/documenten+in+bibliotheek/handlerdownloadfiles.ashx?idnv=2135552) a blackout would cost us at least multiple billions of euros each day in the Netherlands”. - [Harm van den Brink](https://www.divd.nl/who-we-are/team/people/harm-van-den-brink/) (Researcher Energy)_
On Monday, August 12, 2024, the Dutch Enterprise Agency (Rijksdienst voor Ondernemend Nederland) published a [report](https://topsectorenergie.nl/kennisbank/maatregelen-cyberveiligheid-zonpv/) about an investigation into vulnerabilities in Dutch Solar Power systems, performed by [Secura](https://www.secura.com/) on behalf of the Netherlands Enterprise Agency, at the request of and in collaboration with the Top Sector Energy.
Lastly, on Wednesday, August 7th, another report was published by Bitdefender listing vulnerabilities in solar farms in the U.S.
-> *“[Hypponen's law](https://blog.f-secure.com/nl/de-wet-van-hypponen-als-het-smart-het-kwetsbaar/) also seems to apply to the energy transition: If it is "smart" it is vulnerable. So far, every solar power or charging station system that was investigated by DIVD contains some kind of serious vulnerability. DIVD is actively seeking publicity with these cases because in addition to a technical problem, a public concern is now emerging.“* *-[ Frank Breedijk](https://www.divd.nl/who-we-are/team/people/frank-breedijk/) (CSIRT Manager).*
+> _“[Hypponen's law](https://blog.f-secure.com/nl/de-wet-van-hypponen-als-het-smart-het-kwetsbaar/) also seems to apply to the energy transition: If it is "smart" it is vulnerable. So far, every solar power or charging station system that was investigated by DIVD contains some kind of serious vulnerability. DIVD is actively seeking publicity with these cases because in addition to a technical problem, a public concern is now emerging.“_ _-[ Frank Breedijk](https://www.divd.nl/who-we-are/team/people/frank-breedijk/) (CSIRT Manager)._
If you would like to contribute to DIVD’s mission, your donations are more than welcome. You can also [sign up](https://www.divd.nl/contribute/volunteers/) as a volunteer and offer your time and skills here.
@@ -62,7 +67,8 @@ Make sure to [follow](https://www.linkedin.com/company/divd-nl/?) us on LinkedIn
- [Casefile DIVD-2024-00011](https://csirt.divd.nl/DIVD-2024-00011)
- [Security advisory from Enphase](https://enphase.com/cybersecurity/advisories/ensa-2024-6?_gl=1*ut63dx*_up*MQ..*_ga*MTU3MzcwMTgxMC4xNzIzMzY5ODY2*_ga_0L7F5QSJ7V*MTcyMzM2OTg2NS4xLjAuMTcyMzM2OTg2NS4wLjAuMA..)
-- [Secura; Scenario’s en maatregelen voor cyberweerbare zonnestroominstallaties](https://topsectorenergie.nl/nl/kennisbank/maatregelen-cyberveiligheid-zonpv/)
(NL)
+- [Secura; Scenario’s en maatregelen voor cyberweerbare zonnestroominstallaties](https://topsectorenergie.nl/nl/kennisbank/maatregelen-cyberveiligheid-zonpv/)
+ (NL)
- [Bitdefender report](https://www.bitdefender.com/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states/)
- [Follow the Money](https://www.ftm.nl/artikelen/hacker-kan-stekker-uit-zonnepanelen-trekken-en-stroomnet-platleggen);[ Nederlandse hacker kon 4 miljoen zonnepaneelsystemen in 150 landen overnemen](https://www.ftm.nl/artikelen/hacker-kan-stekker-uit-zonnepanelen-trekken-en-stroomnet-platleggen)
-- [EenVandaag](https://eenvandaag.avrotros.nl/): Demonstration of the vulnerabilities in action, episode is released on the 13th of August at 18:15 CET.
+- [EenVandaag](https://eenvandaag.avrotros.nl/): Demonstration of the vulnerabilities in action, episode is released on the 13th of August at 18:15 CET.
diff --git a/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.nl.md b/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.nl.md
index aa5edbab..49022b1e 100644
--- a/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.nl.md
+++ b/content/newsroom/articles/divd-responsibly-discloses-six-new-zero-day-vulnerabilities-to-vendor.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: .
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md b/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md
index 5115dff9..02d1a1f1 100644
--- a/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md
+++ b/content/newsroom/articles/how-to-secure-your-blob-storage-container.en.md
@@ -5,7 +5,7 @@ author: []
tag: news
intro: Services such as Amazon S3 Buckets and Azure Blob Storage offer the convenience of storing data which is accessible by various users and services simultaneously. However, misconfiguration of any of these storage services can expose your organization to several risks and consequences.
image: /images/OIG2.jpeg
-Alt tag for image: ""
+alt: ""
case:
caseid: ""
closed: false
diff --git a/content/newsroom/articles/how-to-secure-your-blob-storage-container.nl.md b/content/newsroom/articles/how-to-secure-your-blob-storage-container.nl.md
index 65ab644b..88e51cb5 100644
--- a/content/newsroom/articles/how-to-secure-your-blob-storage-container.nl.md
+++ b/content/newsroom/articles/how-to-secure-your-blob-storage-container.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: Diensten zoals Azure Blob Storage bieden het gemak van het opslaan van gegevens die tegelijkertijd toegankelijk zijn voor verschillende gebruikers en diensten. Een verkeerde configuratie van een van deze opslagdiensten kan je organisatie echter blootstellen aan verschillende risico's en gevolgen.
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.en.md b/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.en.md
index 6bf4e67d..479bc7ae 100644
--- a/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.en.md
+++ b/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.en.md
@@ -5,7 +5,7 @@ author: []
tag: news
intro: On our website, you might have found a page called ‘how we deal with leaked credentials’ or spotted the case ‘DIVD-2020-00013 Leaked phishing credentials’. Does this mean that our volunteers send out phishing emails and leak the obtained credentials of innocent victims? Of course not!
image: /images/2024-11-19 15_05_56-DIVD & Leaked Credentials - Google Docs.png
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.nl.md b/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.nl.md
index ba147964..9fb2e43f 100644
--- a/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.nl.md
+++ b/content/newsroom/articles/leaked-credentials-what-we-do-to-keep-you-safe.nl.md
@@ -1,15 +1,16 @@
---
title: "Leaked credentials: What we do to keep you safe"
-date: ""
+date: 2024-11-19T16:01:00+01:00
author: []
tag: ""
intro: On our website, you might have found a page called ‘how we deal with leaked credentials’ or spotted the case ‘DIVD-2020-00013 Leaked phishing credentials’. Does this mean that our volunteers send out phishing emails and leak the obtained credentials of innocent victims? Of course not!
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
---
+
**Nov 19, 2024** by [Serena de Pater](https://www.divd.nl/who-we-are/team/people/serena-de-pater/)
### What are leaked credentials?
@@ -28,7 +29,7 @@ No, of course not! Our mission is to make the digital world safer by reporting v
At the end of November 2021, cybercriminals engaged in a phishing campaign posing as Zoom. If a victim fell for this scam and entered their personal credentials, those credentials got compromised.
-While investigating this phishing campaign, a partner organization discovered that the compromised usernames and passwords were stored in improperly secured directories, unintentionally exposing them to public access. This meant that not only the criminals but anyone could access the credentials. The leaked credentials were downloaded from the internet. After connecting and collaborating with our partners, our CSIRT received the Dutch part (386 accounts) of the harvested credentials, so that we could inform potential victims.
+While investigating this phishing campaign, a partner organization discovered that the compromised usernames and passwords were stored in improperly secured directories, unintentionally exposing them to public access. This meant that not only the criminals but anyone could access the credentials. The leaked credentials were downloaded from the internet. After connecting and collaborating with our partners, our CSIRT received the Dutch part (386 accounts) of the harvested credentials, so that we could inform potential victims.
{{< /callout >}}
@@ -38,7 +39,7 @@ Leaked credentials come into our possession through trusted sources, such as tip
### What do we do with leaked credentials?
-Our priority is to ensure the data is handled responsibly, minimizing harm while protecting individual privacy. When a breach involves a small number of accounts (fewer than two million), we [directly inform affected individuals](https://www.divd.nl/warningemail/).
+Our priority is to ensure the data is handled responsibly, minimizing harm while protecting individual privacy. When a breach involves a small number of accounts (fewer than two million), we [directly inform affected individuals](https://www.divd.nl/warningemail/).
For larger breaches, we create two types of summaries:
@@ -59,7 +60,7 @@ We are also mindful of human rights concerns. When working with government entit
Yes, leaked credentials represent a significant cybersecurity vulnerability. Like unpatched software vulnerabilities (CVEs), leaked credentials can be exploited by criminals. These breaches often lead to unauthorized access, data theft, or other forms of cyberattacks.
-As volunteers, we have taken it upon ourselves to inform victims of cybercrime—not only those with vulnerable systems but also those whose credentials have been leaked online. Would you like to read more about how we deal with leaked credentials? Please visit our [CSIRT Page](https://csirt.divd.nl/credentials/).
+As volunteers, we have taken it upon ourselves to inform victims of cybercrime—not only those with vulnerable systems but also those whose credentials have been leaked online. Would you like to read more about how we deal with leaked credentials? Please visit our [CSIRT Page](https://csirt.divd.nl/credentials/).
### Cases involving leaked credentials
diff --git a/content/newsroom/articles/maintain-recognition-of-divd-academy-for-vulnerable-students.en.md b/content/newsroom/articles/maintain-recognition-of-divd-academy-for-vulnerable-students.en.md
index 51ee20fd..ed7dfe3f 100644
--- a/content/newsroom/articles/maintain-recognition-of-divd-academy-for-vulnerable-students.en.md
+++ b/content/newsroom/articles/maintain-recognition-of-divd-academy-for-vulnerable-students.en.md
@@ -9,4 +9,5 @@ faq_enabled: false
faq:
title: faq
---
+
On 3 June, we sent a letter from the DIVD Academy to outgoing minister Mariëlle Paul about the SBB's planned withdrawal of our recognition from 1 July 2024. This decision will have major consequences for VMBO, MBO, LWT students and students with disabilities, who are already struggling to find internships. The DIVD Academy selflessly offers these young people a platform to increase their knowledge and skills and develop into responsible citizens. Withdrawing our recognition is heartless and socially unwise. We urge the minister to suspend this withdrawal so that our students can complete their planned placements. Please support us and help these young people find a promising future! [Click here!](https://petities.nl/petitions/behoud-de-erkenning-van-divd-academy-voor-kwetsbare-studenten?locale=nl)
diff --git a/content/newsroom/articles/online-test-article.en.md b/content/newsroom/articles/online-test-article.en.md
index e51eec93..cff071fe 100644
--- a/content/newsroom/articles/online-test-article.en.md
+++ b/content/newsroom/articles/online-test-article.en.md
@@ -4,11 +4,15 @@ date: 2023-10-21T23:24:00+02:00
tag: case
intro: In cooperation with DIVD, NCSC-NL and several EU govcerts, 14,986 global vulnerable hosts were found and notified.
image: /images/articles/divd-2023-00007-global-vmware-esxi-ransomware-attack.png
-Alt tag for image: ""
+alt: ""
case:
caseid: DIVD-2023-00007
closed: true
- link: https://csirt.divd.nl/cases/DIVD-2023-00007/
+ link:
+ label: DIVD-2023-00007
+ url: https://csirt.divd.nl/cases/DIVD-2023-00007/
+ invertedColors: false
+ external: true
lead: Ralph Horn
leadlink: https://www.divd.nl/who-we-are/team/people/ralph-horn/
researchers:
@@ -21,6 +25,7 @@ case:
faq_enabled: false
image_alt: Picture of the entrance to a mine
---
+
On February 3rd, DIVD became aware of a global ransomware attack that targeted vulnerable VMware ESXi servers, specifically those susceptible to **CVE-2021-21974.** In response, DIVD conducted a scan of ESXi servers accessible via the internet and notified users, urging them to patch their systems to prevent potential exploitation. VMware ESXi is a type 1 hypervisor that is part of VMware’s larger vSphere suite. It provides a platform for virtualizing servers and allows for the running of multiple operating systems on a single physical server. As a bare-metal hypervisor, ESXi is directly installed on the server hardware, providing an efficient way to manage and partition hardware resources like CPU, memory, storage, and networking among multiple virtual machines (VMs). ESXi includes features such as VMotion, which enables live migration of running VMs from one physical server to another with no downtime, and High Availability, which allows for automatic VM restart on other available servers in case of hardware failure. ESXi also provides security features, including VM encryption, and secure boot.
CVE-2021-21974 is a vulnerability in OpenSSL as used in ESXi. OpenSSL is an open standard network protocol that enables dynamic discovery and communication with network services in LANs and WANs. The vulnerability in the protocol is a heap overflow vulnerability. A malicious actor who resides within the same network segment as ESXi and has access to TDP or UDP port 427, may be able to trigger the heap-overflow vulnerability in the OpenSLP service, which could result in remote code execution. The versions of ESXi that are vulnerable to this issue are 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG.
diff --git a/content/newsroom/articles/online-test-article.nl.md b/content/newsroom/articles/online-test-article.nl.md
index 47b20c43..759ba561 100644
--- a/content/newsroom/articles/online-test-article.nl.md
+++ b/content/newsroom/articles/online-test-article.nl.md
@@ -8,4 +8,5 @@ case:
closed: true
image_alt: Foto van de ingang van een mijn
---
+
The body of the article
diff --git a/content/newsroom/articles/operation-endgame-divd-2024-00019.en.md b/content/newsroom/articles/operation-endgame-divd-2024-00019.en.md
index 143c25da..a9fb7703 100644
--- a/content/newsroom/articles/operation-endgame-divd-2024-00019.en.md
+++ b/content/newsroom/articles/operation-endgame-divd-2024-00019.en.md
@@ -1,53 +1,45 @@
---
title: OPERATION ENDGAME DIVD-2024-00019
-date: 2024-05-29T15:19:00.000Z
+date: 2024-05-29T15:19:00+02:00
tag: case
-intro: As part of Operation Endgame the Dutch Police and Europol have
- infiltrated a number of botnets. During this infiltration they obtained data
- about the victims of these botnets. DIVD is providing victim notification for
- civilians.
+intro: As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets. During this infiltration they obtained data about the victims of these botnets. DIVD is providing victim notification for civilians.
image: /images/articles/divd-operation-endgame.png
+alt: ""
case:
caseid: DIVD-2024-00019
- link: https://csirt.divd.nl/cases/DIVD-2024-00019
+ closed: false
+ link:
+ label: asdf
+ url: /
+ invertedColors: true
+ external: false
lead: Frank Breedijk
+ leadlink: ""
researchers:
- label: Frank Breedijk
+ link: ""
- label: Lennaert Oudshoorn
+ link: ""
- label: Ralph Horn
+ link: ""
- label: Max van der Horst
+ link: ""
- label: Marieke Smits
+ link: ""
faq_enabled: false
faq:
title: Frequently Asked Questions
faqgroups:
- faqs:
- - description: "It’s great that you’re skeptical. However, **this is legit and
- definitely not a scam.** This operation is a collaboration between
- the Dutch National Police, Europol, Digital Trust Center, NCSC and
- others. We, Dutch Institute of Vulnerability Disclosure (DIVD), are
- mentioned in the press releases from the Dutch Police and Europol.
- The ‘Check je Hack. (translation: Check your Hack) FAQ also
- mentiones DIVD and shares a link back to this casefile."
- title: "Is this a scam? "
+ - description: "It’s great that you’re skeptical. However, **this is legit and definitely not a scam.** This operation is a collaboration between the Dutch National Police, Europol, Digital Trust Center, NCSC and others. We, Dutch Institute of Vulnerability Disclosure (DIVD), are mentioned in the press releases from the Dutch Police and Europol. The ‘Check je Hack. (translation: Check your Hack) FAQ also mentiones DIVD and shares a link back to this casefile."
+ title: Is this a scam?
- title: Do you have my password?
- description: No, we do not have your password. We may have sent you an email
- containing a partial password, with only the last four characters
- visible. This is the only part of your password we possess because
- the Dutch Police ensured that all passwords were hidden before
- sharing the data with us.
+ description: No, we do not have your password. We may have sent you an email containing a partial password, with only the last four characters visible. This is the only part of your password we possess because the Dutch Police ensured that all passwords were hidden before sharing the data with us.
- title: You are processing my personal data without my consent, is that legal?
- description: Yes it is.Under Dutch law and European privacy regulations, we can
- process this data based on a so-called “legitimate interest.”DIVD is
- a private foundation that operates under a strict [code of
- conduct](https://www.divd.nl/what-we-do/code-of-conduct/), with the
- aim to make the digital world safer.
+ description: Yes it is.Under Dutch law and European privacy regulations, we can process this data based on a so-called “legitimate interest.”DIVD is a private foundation that operates under a strict [code of conduct](https://www.divd.nl/what-we-do/code-of-conduct/), with the aim to make the digital world safer.
url: https://www.divd.nl/faq/faq-operation-endgame/
- intro: >-
- More than 16 million victims worldwide have received a notification email.
- It's understandable that there are questions, so we are sharing the most
- frequently asked questions with you.
-
+ intro: |-
+ More than 16 million victims worldwide have received a notification email. It's understandable that there are questions, so we are sharing the most frequently asked questions with you.
The FAQ is available in English, Dutch, German, French, and Spanish.
---
@@ -55,7 +47,7 @@ As part of Operation Endgame the Dutch Police and Europol have infiltrated a num
This data has been shared with us and various other parties like [Have I Been Pwned](https://haveibeenpwned.com/), [Spam House](https://spamhouse.org), [](https://spamhouse.org)[Project No More Leaks,](https://www.politie.nl/onderwerpen/no-more-leaks.html)[ ](https://www.politie.nl/onderwerpen/no-more-leaks.html)[the (Dutch) NCSC](https://ncsc.nl), [CSIRT-DSP](https://csirtdsp.nl/) and [Digital Trust Center ](https://www.digitaltrustcenter.nl/).
-The data we have received consists of the following data sets:
+The data we have received consists of the following data sets:
1. Email credentials, either SMTP or IMAP credentials
2. ADFS credentials consisting of AD-domain and login credentials
diff --git a/content/newsroom/articles/operation-endgame-divd-2024-00019.nl.md b/content/newsroom/articles/operation-endgame-divd-2024-00019.nl.md
index a59396b2..634146ab 100644
--- a/content/newsroom/articles/operation-endgame-divd-2024-00019.nl.md
+++ b/content/newsroom/articles/operation-endgame-divd-2024-00019.nl.md
@@ -1,3 +1,38 @@
---
+title: OPERATION ENDGAME DIVD-2024-00019
date: 2024-05-30T06:19:00.000Z
+intro: As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets. During this infiltration they obtained data about the victims of these botnets. DIVD is providing victim notification for civilians.
+alt: ""
---
+As part of Operation Endgame the Dutch Police and Europol have infiltrated a number of botnets, including at least Smokeloader, cedId, Pikabot, SystemBC, and Bumblebee. During this infiltration they obtained data about the victims of these botnets. DIVD is providing victim notification for civilians.
+
+This data has been shared with us and various other parties like [Have I Been Pwned](https://haveibeenpwned.com/), [Spam House](https://spamhouse.org), [](https://spamhouse.org)[Project No More Leaks,](https://www.politie.nl/onderwerpen/no-more-leaks.html)[ ](https://www.politie.nl/onderwerpen/no-more-leaks.html)[the (Dutch) NCSC](https://ncsc.nl), [CSIRT-DSP](https://csirtdsp.nl/) and [Digital Trust Center ](https://www.digitaltrustcenter.nl/).
+
+The data we have received consists of the following data sets:
+
+1. Email credentials, either SMTP or IMAP credentials
+2. ADFS credentials consisting of AD-domain and login credentials
+3. Unlabelled individual (email) account credentials.
+
+\
+**RECOMMENDATIONS**
+
+If you received a notification from us, members of your organisation or your customers had their password stolen or system infected by a botnet. Detailed recommendations are found here: [https://csirt.divd.nl/cases/DIVD-2024-00019 ](https://csirt.divd.nl/cases/DIVD-2024-00019)
+
+\
+**WHAT YOU CAN DO**
+
+What you can do depends on who you are and the type of data the police found.To keep this main case page brief, we have created separate pages with recommendations for your situation.
+
+Check our CSIRT website case here:
+
+\
+**WHAT WE ARE DOING**
+
+We have received the discovered data from the police, and are sending out notification to individuals and organizations that have fallen victim to compromise. To effectively do this, we are in close cooperation with the Dutch National Police as well as the NCSC, CSIRT-DSP and DTC.
+
+**PRESS RELEASES**
+
+Press release Dutch Nationale Police:
+
+Press release Europol:
diff --git a/content/newsroom/articles/over-1-million-notifications.en.md b/content/newsroom/articles/over-1-million-notifications.en.md
index b662f8db..9cd27dfa 100644
--- a/content/newsroom/articles/over-1-million-notifications.en.md
+++ b/content/newsroom/articles/over-1-million-notifications.en.md
@@ -5,7 +5,7 @@ author: []
tag: news
intro: DIVD aims to make the digital world safer by reporting vulnerabilities we find in digital systems to those who can fix them. While the existence of a vulnerability is not something to celebrate, thanks to the hard work of skilled volunteers working for DIVD, we have been able to notify vulnerable organizations of at least 1 million compromised IP addresses.
image: /images/B2B-Isometric-Illustration.jpg
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/over-1-million-notifications.nl.md b/content/newsroom/articles/over-1-million-notifications.nl.md
index ca1caeb7..a6871c39 100644
--- a/content/newsroom/articles/over-1-million-notifications.nl.md
+++ b/content/newsroom/articles/over-1-million-notifications.nl.md
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: DIVD kondigt met trots aan dat we in totaal meer dan 1M meldingen hebben verstuurd naar kwetsbare organisaties en leveranciers! ✨🎉
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/newsroom/articles/proudest-work.en.md b/content/newsroom/articles/proudest-work.en.md
index cbf627c2..521b634d 100644
--- a/content/newsroom/articles/proudest-work.en.md
+++ b/content/newsroom/articles/proudest-work.en.md
@@ -1,17 +1,19 @@
---
title: "NEWS: INGE BRYAN NIEUWE BESTUURSVOORZITTER DIVD"
-date: 2023-11-25T18:19:40.931Z
+date: 2023-11-25T18:19:00+01:00
tag: news
-intro: Met trots en plezier maken we bekend dat Inge Bryan de nieuwe
- bestuursvoorzitter is van het Dutch Institute for Vulnerability Disclosure. Ze
- neemt deze rol over van Astrid Oosenbrug. Astrid legt de voorzittershamer neer
- om zich meer te gaan richten op de ontwikkeling van de DIVD Academy.
+intro: Met trots en plezier maken we bekend dat Inge Bryan de nieuwe bestuursvoorzitter is van het Dutch Institute for Vulnerability Disclosure. Ze neemt deze rol over van Astrid Oosenbrug. Astrid legt de voorzittershamer neer om zich meer te gaan richten op de ontwikkeling van de DIVD Academy.
image: /images/articles/divd-partnerevent-2023-21.jpg
-image_alt: Picture of a bug (insect)
+alt: ""
case:
+ caseid: ""
closed: true
+ lead: ""
+ leadlink: ""
researchers:
- label: Max van Der Horst
+ link: /
+image_alt: Picture of a bug (insect)
---
Met trots en plezier maken we bekend dat [Inge Bryan](https://www.linkedin.com/in/inge-bryan/) de nieuwe bestuursvoorzitter is van [het Dutch Institute for Vulnerability Disclosure](https://www.divd.nl/). Ze neemt deze rol over van [Astrid Oosenbrug](https://www.linkedin.com/in/astridoosenbrug/). Astrid legt de voorzittershamer neer om zich meer te gaan richten op de ontwikkeling van de [DIVD Academy](https://divd.academy/).
@@ -19,4 +21,4 @@ Inge Bryan is een leading lady in de wereld van CyberSecurity. Ze maakte carriè
[Chris van ’t Hof](https://www.linkedin.com/in/chris-van-t-hof-312609/), directeur DIVD is enthousiast met de komst van de nieuwe voorzitter. “Inge is een begrip in CyberSecurity en we zijn dan ook heel erg blij met haar komst naar ons instituut. Ze heeft de kennis en kunde in huis om DIVD weer een stap verder te brengen. Ik kijk er naar uit om samen met haar en onze hackers Nederland nog digitaal veiliger te maken.”
-Inge Bryan zegt vereerd te zijn met de benoeming. “Ik beschouw DIVD als een cruciale schakel in de digitale veiligheid van ons land en een bonte verzameling van fantastische mensen. Ik voel mij vereerd dat ik hiervan deel mag uit maken.” De voorzittershamer is overdragen op dinsdag 26 september tijdens een partnerbijeenkomst van DIVD.
\ No newline at end of file
+Inge Bryan zegt vereerd te zijn met de benoeming. “Ik beschouw DIVD als een cruciale schakel in de digitale veiligheid van ons land en een bonte verzameling van fantastische mensen. Ik voel mij vereerd dat ik hiervan deel mag uit maken.” De voorzittershamer is overdragen op dinsdag 26 september tijdens een partnerbijeenkomst van DIVD.
diff --git a/content/newsroom/articles/proudest-work.nl.md b/content/newsroom/articles/proudest-work.nl.md
index 9273d0c4..9f1fd4c8 100644
--- a/content/newsroom/articles/proudest-work.nl.md
+++ b/content/newsroom/articles/proudest-work.nl.md
@@ -4,8 +4,9 @@ date: 2023-11-25T18:19:40.938Z
tag: case
intro: intro proudest work
image: /images/articles/agracadavra.png
-image_alt: Picture of a bug (insect)
+alt: ""
case:
closed: true
+image_alt: Picture of a bug (insect)
---
Body of proudest work
diff --git "a/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.en.md" "b/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.en.md"
index 081c6b6f..17f80d7d 100644
--- "a/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.en.md"
+++ "b/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.en.md"
@@ -5,11 +5,12 @@ author: []
tag: news
intro: We’re excited to welcome our partners to a special evening marking our 5th anniversary.
image: /images/DIVD Partnerevent 2024.png
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
---
+
**The Hague, Netherlands – Sep 1, 2024** by [Serena de Pater](https://www.divd.nl/who-we-are/team/people/serena-de-pater/) and [Marieke Smits](https://www.divd.nl/who-we-are/team/people/marieke-smits/)
## Our Fifth Anniversary!
@@ -20,10 +21,10 @@ We’re excited to welcome our partners to a special evening marking our 5th ann
This is a tribute to our partners (we like to call you our friends)! Together, let's continue to build a network that makes us stronger and keeps our most critical and vulnerable systems safe!
-## Questions?
+## Questions?
Contact us via [partner@divd.nl](mailto:partner@divd.nl).
-If you would like to contribute to DIVD's mission, your donations are more than welcome. You can also [sign up](https://www.divd.nl/contribute/volunteers/) as a volunteer and offer your time and skills here.
+If you would like to contribute to DIVD's mission, your donations are more than welcome. You can also [sign up](https://www.divd.nl/contribute/volunteers/) as a volunteer and offer your time and skills here.
Make sure to [follow](https://www.linkedin.com/company/divd-nl/?) us on LinkedIn and [X](https://x.com/DIVDnl) (formerly known as Twitter) and take notice of every important update.
diff --git "a/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.nl.md" "b/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.nl.md"
index 294894a2..1ecfc3c1 100644
--- "a/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.nl.md"
+++ "b/content/newsroom/articles/\360\235\220\222\360\235\220\232\360\235\220\257\360\235\220\236-\360\235\220\255\360\235\220\241\360\235\220\236-\360\235\220\203\360\235\220\232\360\235\220\255\360\235\220\236-\360\235\220\204\360\235\220\261\360\235\220\234\360\235\220\245\360\235\220\256\360\235\220\254\360\235\220\242\360\235\220\257\360\235\220\236-\360\235\220\204\360\235\220\257\360\235\220\236\360\235\220\247\360\235\220\255-\360\235\220\237\360\235\220\250\360\235\220\253-\360\235\220\217\360\235\220\232\360\235\220\253\360\235\220\255\360\235\220\247\360\235\220\236\360\235\220\253\360\235\220\254.nl.md"
@@ -5,7 +5,7 @@ author: []
tag: ""
intro: We’re excited to welcome our partners to a special evening marking our 5th anniversary.
image: ""
-Alt tag for image: ""
+alt: ""
case: null
faq_enabled: false
faq: null
diff --git a/content/privacy/_index.en.md b/content/privacy/_index.en.md
index 85c0e694..a0ff073a 100644
--- a/content/privacy/_index.en.md
+++ b/content/privacy/_index.en.md
@@ -1,6 +1,7 @@
---
title: Privacy
---
+
## Privacy Policy
This page lists our publicly available documents focussing on policies and visions.
@@ -52,18 +53,18 @@ DIVD also processes personal data for the following purposes:
DIVD does not use automated decision-making.
-## How Long Does DIVD Store Personal Data?
+## How Long Does DIVD Store Personal Data?
DIVD does not store personal data longer than is strictly necessary to achieve the purposes for which it was collected. DIVD uses the following retention periods for information:
### Information
- Financial information (for the tax authorities) 7 years
-- Results of investigations - maximum 3 years *
-- Results of reports - maximum 3 years *
-- E-mail communication 10 years *
+- Results of investigations - maximum 3 years \*
+- Results of reports - maximum 3 years \*
+- E-mail communication 10 years \*
-*\* This can change on request from a data subject.*
+_\* This can change on request from a data subject._
## Does DIVD Share Personal Data With Third Parties?
@@ -91,7 +92,7 @@ For more information about these parties, please refer to the statements on thei
You have the right to view, correct or delete your personal data held by DIVD. For those cases where DIVD processes data with the permission of the person to whom this data relates, this person has the right to withdraw your consent to the data processing or to object to the processing of his personal data by DIVD and has the right to data portability.
-You can send a request for inspection, correction, deletion or data transfer of your personal data or a request for cancellation of your consent or objection to the processing of your personal data to Privacy@DIVD.nl. To ensure that the request for access has been made by you, DIVD may ask you to enclose a (privacy-friendly) copy of your proof of identity with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) black in this copy. This is to protect your privacy. If your request relates to IP addresses or domain names, you must also sufficiently demonstrate that these IP addresses and/or domain names are indeed your personal data. DIVD will respond to your request within twenty working days. DIVD would also like to point out that you have the option of submitting a complaint to the national supervisory authority, the Dutch Data Protection Authority. This can be done via the following link: [https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons](https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons "https\://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons")
+You can send a request for inspection, correction, deletion or data transfer of your personal data or a request for cancellation of your consent or objection to the processing of your personal data to Privacy@DIVD.nl. To ensure that the request for access has been made by you, DIVD may ask you to enclose a (privacy-friendly) copy of your proof of identity with the request. Make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and citizen service number (BSN) black in this copy. This is to protect your privacy. If your request relates to IP addresses or domain names, you must also sufficiently demonstrate that these IP addresses and/or domain names are indeed your personal data. DIVD will respond to your request within twenty working days. DIVD would also like to point out that you have the option of submitting a complaint to the national supervisory authority, the Dutch Data Protection Authority. This can be done via the following link: [https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons](https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons "https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons")
Your copy of your proof of identity will be destroyed as soon as your request has been processed. Unless otherwise indicated, the e-mails of the request are kept for a normal period.
diff --git a/content/privacy/_index.nl.md b/content/privacy/_index.nl.md
index c4d2d41c..3dcc3686 100644
--- a/content/privacy/_index.nl.md
+++ b/content/privacy/_index.nl.md
@@ -1,6 +1,7 @@
---
title: Privacy
---
+
## Privacy
1. DIVD is a Dutch research institute that works with volunteers who aim to make the digital world safer by searching the internet for vulnerabilities and reporting the findings to those who can fix these vulnerabilities.
diff --git a/content/search/_index.en.md b/content/search/_index.en.md
index cff2be14..30545fb4 100644
--- a/content/search/_index.en.md
+++ b/content/search/_index.en.md
@@ -1,5 +1,5 @@
---
title: Search
outputs:
-- json
----
\ No newline at end of file
+ - json
+---
diff --git a/content/search/_index.nl.md b/content/search/_index.nl.md
index b8e5a0d4..6f7af813 100644
--- a/content/search/_index.nl.md
+++ b/content/search/_index.nl.md
@@ -1,5 +1,5 @@
---
title: Zoeken
outputs:
-- json
----
\ No newline at end of file
+ - json
+---
diff --git a/content/security/_index.en.md b/content/security/_index.en.md
index 6582515b..fa771e01 100644
--- a/content/security/_index.en.md
+++ b/content/security/_index.en.md
@@ -1,6 +1,7 @@
---
title: Responsible Disclosure
---
+
## **General**
At DIVD the security of our systems is a top priority. No matter how much effort we put into system security, there might be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it. We would like to ask you to help us protect our systems.
@@ -79,26 +80,26 @@ Destroy or corrupt, or attempt to destroy or corrupt, any data or information th
Our following assets are explicitly in scope, if you find a vulnerability in a system you believe belongs to us but is not listed here we will review this on a case-by-case basis.
-- divd.nl
-- divd.academy
-- as50559.com
-- as50559.nl
-- as50559.org
-- haveyoubeenpwned.nl
-- divd.network
-- divdfonds.nl
-- divd.fund
-- csirt.global
-- divd.charity
-- divd.club
-- divd.space
-- divd.community
-- cyber-wear.nl
-- divd.today
-- divd.global
-- divd.family
-- divd.org
-- divd.observer
+- divd.nl
+- divd.academy
+- as50559.com
+- as50559.nl
+- as50559.org
+- haveyoubeenpwned.nl
+- divd.network
+- divdfonds.nl
+- divd.fund
+- csirt.global
+- divd.charity
+- divd.club
+- divd.space
+- divd.community
+- cyber-wear.nl
+- divd.today
+- divd.global
+- divd.family
+- divd.org
+- divd.observer
## **Out of Scope**
diff --git a/content/security/_index.nl.md b/content/security/_index.nl.md
index c879d98b..0ee0cda4 100644
--- a/content/security/_index.nl.md
+++ b/content/security/_index.nl.md
@@ -1,6 +1,7 @@
---
title: Coordinated Vulnerability Disclosure
---
+
## Coordinated Vulnerability Disclosure
1. DIVD is a Dutch research institute that works with volunteers who aim to make the digital world safer by searching the internet for vulnerabilities and reporting the findings to those who can fix these vulnerabilities.
diff --git a/content/testimonials/_index.en.md b/content/testimonials/_index.en.md
index 30614c6b..aecc58ed 100644
--- a/content/testimonials/_index.en.md
+++ b/content/testimonials/_index.en.md
@@ -9,7 +9,7 @@ testimonials:
Over time we’ve come to realize that they actually secure our society. And that’s exactly
- what DIVD does: they secure our society.”
+ what DIVD does: they secure our society.”
image: /images/testimonials/mikkohypponen_2013x-embed.jpg
- name: Dave Maasland
role: CEO ESET Netherlands
diff --git a/content/testimonials/_index.nl.md b/content/testimonials/_index.nl.md
index 3e85242c..00a572ed 100644
--- a/content/testimonials/_index.nl.md
+++ b/content/testimonials/_index.nl.md
@@ -12,7 +12,7 @@ testimonials:
Origineel in het Engels: “We used to think that the work of computer security experts is to secure computers. Over time we’ve come to realize that they actually secure our society. And that’s exactly
- what DIVD does: they secure our society.”
+ what DIVD does: they secure our society.”
image: /images/testimonials/mikkohypponen_2013x-embed.jpg
- name: Dave Maasland
role: CEO ESET Netherlands
diff --git a/content/toc/_index.en.md b/content/toc/_index.en.md
index 8049ef3a..41bad1ac 100644
--- a/content/toc/_index.en.md
+++ b/content/toc/_index.en.md
@@ -1,8 +1,9 @@
---
title: Terms and Conditions
---
+
## Terms and conditions
1. DIVD is a Dutch research institute that works with volunteers who aim to make the digital world safer by searching the internet for vulnerabilities and reporting the findings to those who can fix these vulnerabilities.
2. As we work on sensitive data, gathered without informed consent, we established this Code of Conduct to provide an ethical base for the work we do. This code can also be used by other researchers working on what is currently referred to as responsible disclosure, or coordinated vulnerability disclosure.
-3. In our research projects we, for example:
\ No newline at end of file
+3. In our research projects we, for example:
diff --git a/content/toc/_index.nl.md b/content/toc/_index.nl.md
index 8049ef3a..41bad1ac 100644
--- a/content/toc/_index.nl.md
+++ b/content/toc/_index.nl.md
@@ -1,8 +1,9 @@
---
title: Terms and Conditions
---
+
## Terms and conditions
1. DIVD is a Dutch research institute that works with volunteers who aim to make the digital world safer by searching the internet for vulnerabilities and reporting the findings to those who can fix these vulnerabilities.
2. As we work on sensitive data, gathered without informed consent, we established this Code of Conduct to provide an ethical base for the work we do. This code can also be used by other researchers working on what is currently referred to as responsible disclosure, or coordinated vulnerability disclosure.
-3. In our research projects we, for example:
\ No newline at end of file
+3. In our research projects we, for example:
diff --git a/content/what-we-do/code-of-conduct/_index.en.md b/content/what-we-do/code-of-conduct/_index.en.md
index 0e1076fb..fec110ab 100644
--- a/content/what-we-do/code-of-conduct/_index.en.md
+++ b/content/what-we-do/code-of-conduct/_index.en.md
@@ -2,21 +2,24 @@
type: codeofconduct
title: Code of Conduct
---
+
## CODE OF CONDUCT 2.1
1. DIVD is a Dutch research institute that works with volunteers who aim to make the digital world safer by searching the internet for vulnerabilities and reporting the findings to those who can fix these vulnerabilities.
2. As we work on sensitive data, gathered without informed consent, we established this Code of Conduct to provide an ethical base for the work we do. This code can also be used by other researchers working on what is currently referred to as responsible disclosure, or coordinated vulnerability disclosure.
3. In our research projects we, for example:
- * Scan the internet for vulnerabilities, mostly Common Vulnerabilities and Exposures (CVEs), and report our findings and possible solutions to the owners of these systems.
- * Analyse online systems for new vulnerabilities (zero-days), report our findings to the makers and try to help them out in fixing the vulnerabilities.
- * Analyse databases with leaked credentials and report to the organisations or people who are compromised to take appropriate measures.
- * Work with trusted partners to extend our reach and notify as many organisations and people as possible
+ - Scan the internet for vulnerabilities, mostly Common Vulnerabilities and Exposures (CVEs), and report our findings and possible solutions to the owners of these systems.
+ - Analyse online systems for new vulnerabilities (zero-days), report our findings to the makers and try to help them out in fixing the vulnerabilities.
+ - Analyse databases with leaked credentials and report to the organisations or people who are compromised to take appropriate measures.
+ - Work with trusted partners to extend our reach and notify as many organisations and people as possible
+
4. We are aware that we operate at the edges of what is legally allowed, so we proceed by these three criteria commonly used in court cases on vulnerability disclosures:
- * Societal need: we do vulnerability disclosure to prevent online damage to as many internet users as possible and don’t serve any particular financial, political or individual interests.
- * Principle of Proportionality: we serve this need with appropriate means. Our research should increase and not decrease the integrity and availability of online systems.
- * Principle of Subsidiarity: if several means are available to meet the need, we opt for the one which has the least impact.
+ - Societal need: we do vulnerability disclosure to prevent online damage to as many internet users as possible and don’t serve any particular financial, political or individual interests.
+ - Principle of Proportionality: we serve this need with appropriate means. Our research should increase and not decrease the integrity and availability of online systems.
+ - Principle of Subsidiarity: if several means are available to meet the need, we opt for the one which has the least impact.
+
5. We validate our findings to prevent reporting false positives or miss false negatives and sometimes need to verify if a vulnerability is actually present. We use custom-made scripts based on publicly available proof of concepts or non-weaponized exploit code and take good care that we don’t damage systems, download too much personal data, or create backdoors.
6. Our findings typically consist of lists with several to millions of IP addresses, the type of vulnerability found, contact information, and metadata (e.g. timestamps, scripts, researchers working on the data). This is sensitive data, so we take all precautions necessary to protect the confidentiality of this data.
7. We disclose zero-day vulnerabilities to the vendor first, then request CVE numbers and negotiate a reasonable time span for disclosing it to our Trusted Information Sharing Partners and the broader public. Ideally, the disclosure is preceded by a patch. If a vendor is obviously slow in providing the patch and it is likely others may discover and abuse the vulnerability, we may consider disclosure to warn potential victims and advise them on mitigation measures.
@@ -30,4 +33,4 @@ title: Code of Conduct
## MORE INFO:
-Is it legit to exchange lists of IP addresses together with vulnerabilities? The short answer is: Yes, according to Dutch law we can. The more elaborate answer you will find in this Liability Impact Assessment, prepared by Privacy Management Partners (in Dutch). [Click here to download](/documents/LIA_abuse_informatie_v1.1.pdf) (Dutch)
\ No newline at end of file
+Is it legit to exchange lists of IP addresses together with vulnerabilities? The short answer is: Yes, according to Dutch law we can. The more elaborate answer you will find in this Liability Impact Assessment, prepared by Privacy Management Partners (in Dutch). [Click here to download](/documents/LIA_abuse_informatie_v1.1.pdf) (Dutch)
diff --git a/content/what-we-do/code-of-conduct/_index.nl.md b/content/what-we-do/code-of-conduct/_index.nl.md
index 24ba505d..ce9f28fc 100644
--- a/content/what-we-do/code-of-conduct/_index.nl.md
+++ b/content/what-we-do/code-of-conduct/_index.nl.md
@@ -2,6 +2,7 @@
type: codeofconduct
title: Code of Conduct
---
+
# Hello world
-code of conduct NL
\ No newline at end of file
+code of conduct NL
diff --git a/content/what-we-do/code-of-ethics/_index.en.md b/content/what-we-do/code-of-ethics/_index.en.md
index aa277647..9ea5113f 100644
--- a/content/what-we-do/code-of-ethics/_index.en.md
+++ b/content/what-we-do/code-of-ethics/_index.en.md
@@ -2,6 +2,7 @@
type: codeofethics
title: Code of Ethics
---
+
#### **Preamble**
This Code of Ethics guides the ethical conduct of all members of the Dutch Institute for Vulnerability Disclosure (DIVD). It outlines the principles and standards all members must uphold in their professional activities.
@@ -21,11 +22,11 @@ This Code of Ethics guides the ethical conduct of all members of the Dutch Insti
3. **Professional Competence**: Maintain and enhance professional knowledge and skills to provide high-quality services.
4. **Honest Communication**: We communicate truthfully and accurately in all professional matters, and conduct all our activities honestly and ethically.
5. **Ethical Decision-Making**: Make decisions based on moral and honorable principles and sound judgment.
-6. **Mutual Respect**: Diversity is our strength. We respect and celebrate neurodiversity and individual differences in cultural, gender, sexual, religious, and philosophical orientations.
+6. **Mutual Respect**: Diversity is our strength. We respect and celebrate neurodiversity and individual differences in cultural, gender, sexual, religious, and philosophical orientations.
#### **3. Responsibilities to Stakeholders**
-1. **Collaboration:** Share knowledge and experience with the concerned parties while upholding the principles of integrity and confidentiality.
+1. **Collaboration:** Share knowledge and experience with the concerned parties while upholding the principles of integrity and confidentiality.
2. **Partners**: We act in the best interests of the organizations we report to, providing services with competence, diligence, and care. We live up to the expectations we raise among the partners we collaborate with and/or sponsor.
3. **Volunteers**: Foster a collaborative and respectful work environment, supporting and mentoring peers.
4. **Organizations**: Uphold the policies and values of employers while maintaining professional integrity.
diff --git a/content/what-we-do/code-of-ethics/_index.nl.md b/content/what-we-do/code-of-ethics/_index.nl.md
index 6b38fa72..0f0511b0 100644
--- a/content/what-we-do/code-of-ethics/_index.nl.md
+++ b/content/what-we-do/code-of-ethics/_index.nl.md
@@ -2,6 +2,7 @@
type: codeofethics
title: Code of Ethics
---
+
# Hello world
code of ethics NL
diff --git a/content/who-we-are/team/_index.en.md b/content/who-we-are/team/_index.en.md
index ea5ac9c9..75cdd2c3 100644
--- a/content/who-we-are/team/_index.en.md
+++ b/content/who-we-are/team/_index.en.md
@@ -1,53 +1,244 @@
---
title: The Team
opener: Meet our Team
-intro: |-
- We are very grateful and proud of all our team members who voluntarily dedicate their free time to this great cause. Our team is a diverse mix of individuals, with some just starting out in cybersecurity and others who have been in the field for a long time.
+intro: >-
+ We are very grateful and proud of all our team members who voluntarily
+ dedicate their free time to this great cause. Our team is a diverse mix of
+ individuals, with some just starting out in cybersecurity and others who have
+ been in the field for a long time.
- Not every member has a profile picture or is listed in a team. Privacy matters!
+
+ Not every member has a profile picture or is listed in a team. Privacy
+
+ matters!
in_progress: false
teams:
- title: Board
- description: At the head of DIVD is our board, providing guidance, direction, and making strategic decisions. The day-to-day operations are managed by a team that includes our director, department heads, the CISO, and the crisis manager.
- members: []
+ description: >-
+ At the head of DIVD is our board, providing guidance, direction, and
+ making strategic decisions. The day-to-day operations are managed by a
+ team that includes our director, department heads, the CISO, and the
+ crisis manager.
+ members:
+ - /who-we-are/team/people/eleonora-petridou
+ - /who-we-are/team/people/inge-bryan
+ - /who-we-are/team/people/joost-hendricksen
+ - /who-we-are/team/people/marinus-kuivenhoven
+ - /who-we-are/team/people/shairesh-algoe
+ - /who-we-are/team/people/tom-van-dael
- title: Management
- description: ""
+ description: ''
+ members:
+ - /who-we-are/team/people/winko
+ - /who-we-are/team/people/casper-kuijper
+ - /who-we-are/team/people/chris-van-t-hof
+ - /who-we-are/team/people/frank-breedijk
+ - /who-we-are/team/people/h-meuris
+ - /who-we-are/team/people/lennaert
+ - /who-we-are/team/people/marieke-smits
+ - /who-we-are/team/people/peter-baard
+ - /who-we-are/team/people/roxane
+ - /who-we-are/team/people/victor-gevers-1
- title: DIVD-CSIRT
- description: The CSIRT (Computer Security Incident Response Team) is the beating heart of DIVD, responsible for scanning the Internet and notifying system owners of the vulnerabilities found in their systems. Within the CSIRT, the team of CNA Administrators is responsible for DIVD's role as CVE Number Authority (NA). They can independently assign CVE numbers and update CVE records for vulnerabilities within our scope.
- members: []
+ description: >-
+ The CSIRT (Computer Security Incident Response Team) is the beating heart
+ of DIVD, responsible for scanning the Internet and notifying system owners
+ of the vulnerabilities found in their systems. Within the CSIRT, the team
+ of CNA Administrators is responsible for DIVD's role as CVE Number
+ Authority (NA). They can independently assign CVE numbers and update CVE
+ records for vulnerabilities within our scope.
+ members:
+ - /who-we-are/team/people/alwin-warringa
+ - /who-we-are/team/people/axel
+ - /who-we-are/team/people/barre-dijkstra
+ - /who-we-are/team/people/boaz-braaksma
+ - /who-we-are/team/people/finn-van-der-knaap
+ - /who-we-are/team/people/h-meuris
+ - /who-we-are/team/people/jelle-ursem
+ - /who-we-are/team/people/kaj-koole
+ - /who-we-are/team/people/lennaert
+ - /who-we-are/team/people/max-van-der-horst
+ - /who-we-are/team/people/oscar-vlugt
+ - /who-we-are/team/people/stan-plasmeijer
+ - /who-we-are/team/people/victor-pasman
+ - /who-we-are/team/people/wessel-baltus
+ - /who-we-are/team/people/wessel-van-der-goot
- title: Research & Development
- description: DIVD has two teams of highly skilled security researchers who voluntarily seek out and report vulnerabilities alongside their regular jobs. DIVD ensures they adhere to our Code of Conduct while providing a buffer against journalists, lawyers, and recruiters. Their research not only uncovers security trends and raises awareness but also helps develop new methods for vulnerability research and disclosure. Although you may never meet our researchers, you can hope they are inspecting your systems right now, catching issues before the bad guys do....
- members: []
+ description: >-
+ DIVD has two teams of highly skilled security researchers who voluntarily
+ seek out and report vulnerabilities alongside their regular jobs. DIVD
+ ensures they adhere to our Code of Conduct while providing a buffer
+ against journalists, lawyers, and recruiters. Their research not only
+ uncovers security trends and raises awareness but also helps develop new
+ methods for vulnerability research and disclosure. Although you may never
+ meet our researchers, you can hope they are inspecting your systems right
+ now, catching issues before the bad guys do....
+ members:
+ - /who-we-are/team/people/anass-ali
+ - /who-we-are/team/people/artur-miron
+ - /who-we-are/team/people/asif
+ - /who-we-are/team/people/axel
+ - /who-we-are/team/people/bartlomiej-lizak
+ - /who-we-are/team/people/carolien-braams
+ - /who-we-are/team/people/daan-keuper
+ - /who-we-are/team/people/dion-wissing
+ - /who-we-are/team/people/fatih-yilmaz
+ - /who-we-are/team/people/finn-van-der-knaap
+ - /who-we-are/team/people/gerard-janssen
+ - /who-we-are/team/people/harm-van-den-brink
+ - /who-we-are/team/people/henry-schokkenbroek
+ - /who-we-are/team/people/hidde-smit
+ - /who-we-are/team/people/jelle-ursem
+ - /who-we-are/team/people/jeroen-ellermeijer
+ - /who-we-are/team/people/jeroen-van-de-weerd
+ - /who-we-are/team/people/jonathan-bouman
+ - /who-we-are/team/people/joris-cras
+ - /who-we-are/team/people/joris-van-de-vis
+ - /who-we-are/team/people/josha-beekman
+ - /who-we-are/team/people/julian-roseboom
+ - /who-we-are/team/people/khalid-nakhli
+ - /who-we-are/team/people/koen-liu
+ - /who-we-are/team/people/koen-van-hove
+ - /who-we-are/team/people/mark-heijblok
+ - /who-we-are/team/people/marnix-lourens
+ - /who-we-are/team/people/martin-van-wingerden
+ - /who-we-are/team/people/max-van-der-horst
+ - /who-we-are/team/people/melvin-boers
+ - /who-we-are/team/people/melvin-lammerts
+ - /who-we-are/team/people/mischa-rick-van-geelen
+ - /who-we-are/team/people/olivier-beg
+ - /who-we-are/team/people/ralph-horn
+ - /who-we-are/team/people/rene-de-groot
+ - /who-we-are/team/people/rutger-hermens
+ - /who-we-are/team/people/serena-de-pater
+ - /who-we-are/team/people/sjors-roelfzema
+ - /who-we-are/team/people/tabitha-vogelaar
+ - /who-we-are/team/people/tom-wolters
+ - /who-we-are/team/people/victor-gevers-1
+ - /who-we-are/team/people/wietse-boonstra
+ - /who-we-are/team/people/kees-poeijer-van
+ - /who-we-are/team/people/omer-zulaloglu
+ - /who-we-are/team/people/inanc-yigit
- title: IT Services
- description: This department manages our applications and infrastructure, including our own AS and the systems used by CSIRT and the Research & Development team to scan the internet. They handle the technical maintenance of our websites and have a development team that supports the teams by creating tools to automate tasks.
- members: []
+ description: >-
+ This department manages our applications and infrastructure, including our
+ own AS and the systems used by CSIRT and the Research & Development team
+ to scan the internet. They handle the technical maintenance of our
+ websites and have a development team that supports the teams by creating
+ tools to automate tasks.
+ members:
+ - /who-we-are/team/people/winko
+ - /who-we-are/team/people/bart-reedijk
+ - /who-we-are/team/people/bert-kiers
+ - /who-we-are/team/people/casper-kuijper
+ - /who-we-are/team/people/geert-langendam
+ - /who-we-are/team/people/jan-van-stijn
+ - /who-we-are/team/people/jeroen-van-der-broek
+ - /who-we-are/team/people/marco-heijkoop
+ - /who-we-are/team/people/nathan-van-buuren
+ - /who-we-are/team/people/raymond-schuiling
+ - /who-we-are/team/people/rob-blokland
+ - /who-we-are/team/people/ronald-beiboer
+ - /who-we-are/team/people/ruben-uithol
+ - /who-we-are/team/people/sigurd-hoenkamp-de-vries
+ - /who-we-are/team/people/tirza-dijkstra
+ - /who-we-are/team/people/waldo-de-borst
+ - /who-we-are/team/people/wiljan-wander
- title: People & Culture
- description: This department is responsible for the onboarding, offboarding, training, and coaching of our volunteers. The People & Culture team advises managers and team leaders in the organisation to support people in those roles to enable engagement, helping to make sure that everyone involved with the organisation enjoys their time at DIVD.
- members: []
+ description: >-
+ This department is responsible for the onboarding, offboarding, training,
+ and coaching of our volunteers. The People & Culture team advises managers
+ and team leaders in the organisation to support people in those roles to
+ enable engagement, helping to make sure that everyone involved with the
+ organisation enjoys their time at DIVD.
+ members:
+ - /who-we-are/team/people/astrid-oosenbrug
+ - /who-we-are/team/people/jan-los
+ - /who-we-are/team/people/kato-vierbergen
+ - /who-we-are/team/people/roxane
- title: Communications
- description: The communications department handles internal and external communications, events, and merchandise. It showcases DIVD's work both nationally and internationally through blogs on our website, press releases to relevant media, and posts on social media channels. This department ensures our experts are visible at key cybersecurity and hacker events. Additionally, the PR office is responsible for building and maintaining relationships with our partners, keeping them engaged with our activities.
- members: []
- - title: Governance, Risk & Compliance (GRC)
- description: The GRC department ensures our security is top-notch and that we comply with all relevant rules and regulations. In addition to the Security Office, the GRC department includes privacy officers, a crisis manager, and the Ethical Committee.
- members: []
+ description: >-
+ The communications department handles internal and external
+ communications, events, and merchandise. It showcases DIVD's work both
+ nationally and internationally through blogs on our website, press
+ releases to relevant media, and posts on social media channels. This
+ department ensures our experts are visible at key cybersecurity and hacker
+ events. Additionally, the PR office is responsible for building and
+ maintaining relationships with our partners, keeping them engaged with our
+ activities.
+ members:
+ - /who-we-are/team/people/gerard-janssen
+ - /who-we-are/team/people/jort-geurts
+ - /who-we-are/team/people/marieke-smits
+ - /who-we-are/team/people/marten-de-groot
+ - /who-we-are/team/people/serena-de-pater
+ - title: 'Governance, Risk & Compliance (GRC)'
+ description: >-
+ The GRC department ensures our security is top-notch and that we comply
+ with all relevant rules and regulations. In addition to the Security
+ Office, the GRC department includes privacy officers, a crisis manager,
+ and the Ethical Committee.
+ members:
+ - /who-we-are/team/people/alexia-ronda
+ - /who-we-are/team/people/dennis-kussendrager
+ - /who-we-are/team/people/filip-chyla
+ - /who-we-are/team/people/ferdinand-uittenbogaard
+ - /who-we-are/team/people/frank-breedijk
+ - /who-we-are/team/people/peter-baard
- title: Project Office
- description: The Project Office is a centralized entity within the DIVD responsible for standardizing and overseeing project management practices and processes.
- members: []
+ description: >-
+ The Project Office is a centralized entity within the DIVD responsible for
+ standardizing and overseeing project management practices and processes.
+ members:
+ - /who-we-are/team/people/winko
+ - /who-we-are/team/people/caroline-loef
+ - /who-we-are/team/people/dimitri-van-esch
+ - /who-we-are/team/people/dirk-maij
+ - /who-we-are/team/people/henry-schokkenbroek
+ - /who-we-are/team/people/tirza-dijkstra
+ - /who-we-are/team/people/victor-gevers-1
- title: Advisory board
- description: ""
- members: []
+ description: ''
+ members:
+ - /who-we-are/team/people/chantal-stekelenburg
- title: Ethics Committee
- description: ""
- members: []
+ description: ''
+ members:
+ - /who-we-are/team/people/hans-van-de-looy
+ - /who-we-are/team/people/lennaert
- title: Confidentiality Officers
- type: ""
- description: |-
+ type: ''
+ description: >-
A safe working environment
- DIVD continuously strives to be a safe and healthy organization, where everyone feels at home. Creating a workplace where individuals feel secure, included, valued, trusted and respected is crucial for fostering a positive and productive atmosphere. Maintaining such an environment is essential for the well-being and professional development of our workforce. Therefore DIVD has appointed confidential advisors, by which we aim to provide employees with a dedicated and trustworthy channel to address concerns related to unwanted behaviors or integrity violations.
- Unwanted behaviors, such as exclusion, bullying, harassment, discrimination, and aggression, can have a detrimental impact on an individual's well-being and the overall workplace environment. Similarly, integrity violations, encompassing actions like corruption, fraud, abuse of power, and disclosure of sensitive information, compromise the ethical foundation of an organization. DIVD acknowledges the severity of these issues and takes a proactive stance by not tolerating such behaviors.
+ DIVD continuously strives to be a safe and healthy organization, where
+ everyone feels at home. Creating a workplace where individuals feel
+ secure, included, valued, trusted and respected is crucial for fostering a
+ positive and productive atmosphere. Maintaining such an environment is
+ essential for the well-being and professional development of our
+ workforce. Therefore DIVD has appointed confidential advisors, by which we
+ aim to provide employees with a dedicated and trustworthy channel to
+ address concerns related to unwanted behaviors or integrity violations.
- The presence of the confidential advisors underscores the importance of open communication, addressing issues promptly, and upholding ethical standards. By offering this support system, DIVD aims to ensure that employees feel heard, supported, and empowered to address concerns without fear of reprisal. Also, DIVD intends to strengthen the trusted relationship, reassure employees that their concerns are taken seriously, and demonstrate its commitment to maintaining a workplace where integrity is paramount.
+
+ Unwanted behaviors, such as exclusion, bullying, harassment,
+ discrimination, and aggression, can have a detrimental impact on an
+ individual's well-being and the overall workplace environment. Similarly,
+ integrity violations, encompassing actions like corruption, fraud, abuse
+ of power, and disclosure of sensitive information, compromise the ethical
+ foundation of an organization. DIVD acknowledges the severity of these
+ issues and takes a proactive stance by not tolerating such behaviors.
+
+
+ The presence of the confidential advisors underscores the importance of
+ open communication, addressing issues promptly, and upholding ethical
+ standards. By offering this support system, DIVD aims to ensure that
+ employees feel heard, supported, and empowered to address concerns without
+ fear of reprisal. Also, DIVD intends to strengthen the trusted
+ relationship, reassure employees that their concerns are taken seriously,
+ and demonstrate its commitment to maintaining a workplace where integrity
+ is paramount.
members: []
type: team
---
+
diff --git a/content/who-we-are/team/people/arthur-dent.nl.md b/content/who-we-are/team/people/arthur-dent.nl.md
index de1ae6aa..13d9a4a9 100644
--- a/content/who-we-are/team/people/arthur-dent.nl.md
+++ b/content/who-we-are/team/people/arthur-dent.nl.md
@@ -20,4 +20,5 @@ links:
- name: Personal site
link: https://arthurdent.com
---
-Arthur Dent, the quintessential Englishman, finds himself thrust into the bewildering cosmos after the Earth's unexpected demolition to make way for a hyperspace bypass. Clad in his perennially worn dressing gown, Arthur embodies the everyman, bewildered and unprepared for the wild eccentricities of the universe. His mundane, tea-loving life on Earth stands in stark contrast to his subsequent interstellar adventures, where he encounters bizarre planets and peculiar alien life forms. Struggling to grasp the absurdity of his new reality, Arthur's journey is a comedic yet poignant exploration of the human condition amidst the backdrop of the unfathomable universe.
\ No newline at end of file
+
+Arthur Dent, the quintessential Englishman, finds himself thrust into the bewildering cosmos after the Earth's unexpected demolition to make way for a hyperspace bypass. Clad in his perennially worn dressing gown, Arthur embodies the everyman, bewildered and unprepared for the wild eccentricities of the universe. His mundane, tea-loving life on Earth stands in stark contrast to his subsequent interstellar adventures, where he encounters bizarre planets and peculiar alien life forms. Struggling to grasp the absurdity of his new reality, Arthur's journey is a comedic yet poignant exploration of the human condition amidst the backdrop of the unfathomable universe.
diff --git a/content/why-our-work-matters/_index.en.md b/content/why-our-work-matters/_index.en.md
index 897779dd..a7709eb6 100644
--- a/content/why-our-work-matters/_index.en.md
+++ b/content/why-our-work-matters/_index.en.md
@@ -1,4 +1,69 @@
---
+sections:
+ - title: DIVD’s work is of great importance, here is why
+ text: This page explains why our work matters to society, partners, and other organizations.
+ type: titleText
+ - text: |-
+ ## DIVD scans the entire internet
+
+ #### **Traditional methods, like penetration tests, often focus on a specific scope, usually limited to an organization’s IP addresses or URLs. In contrast, DIVD seeks to identify all systems with a particular vulnerability, often discovering issues in systems that organizations were unaware they had.**
+
+ **DIVD takes this a step further.**
+ Because we work for the common good and adhere to guidelines for ethical hacking, we extend our reach beyond the limits imposed on governments or commercial security companies. This allows us to determine with greater certainty whether a system is vulnerable. An email notification from DIVD always indicates a vulnerability that needs immediate attention.
+
+ **DIVD scans for both regular security vulnerabilities and zero-day vulnerabilities.**
+ DIVD independently assigns new unique identifiers (CVEs) when new (previously unknown) vulnerabilities are identified by its researchers.
+
+ **DIVD is known for its transparency & collaboration.**
+ DIVD is recognized for its transparent approach in reporting vulnerabilities and the actions taken to resolve them. This level of openness fosters trust within both the cybersecurity community and the general public. We promote ethical hacking and responsible disclosure while striving to tackle broader cybersecurity challenges. Unlike many cybersecurity organizations, DIVD is a non-profit entity, run by volunteers.
+
+ **DIVD actively engages with the cybersecurity community, including researchers, ethical hackers, and other stakeholders, to share knowledge and improve collective security efforts.**
+ type: paper
+ hasBackground: true
+ - text: |-
+ ## What happens when we find a vulnerability? Here’s an example.
+
+ A good example of what the world would look like without DIVD’s efforts is the SolarMan case. In 2022, a DIVD researcher found a GitHub repository containing the username and password for SolarMan’s Super Admin account. These credentials were visible to anyone who would visit the GitHub page, meaning that anyone in the world with internet access could have gained unauthorized access to nearly 1,000,000 installations.
+ type: doubleDecker
+ - text: |-
+ ## SolarMan’s Password Oopsie
+
+ How 1 million installations almost went dark
+
+ The 1,000,000 installations refer to solar power plants (installations) managed through the SolarMan platform. These installations have a total power output of over 10GwP (gigawatts peak). Most of these systems are located in China and Australia, with a significant number of over 40,000 in The Netherlands.
+
+ DIVD contacted the company responsible for the repository. Eventually, the exposed password was reset and the repository was deleted. But what if the vulnerability hadn’t been discovered and the credentials remained publicly available?
+
+ Cybercriminals could theoretically have been able to gain access to the SolarMan Super Admin account, potentially controlling nearly 1,000,000 installations. They could theoretically have had the ability to alter system settings, disrupt services, or disable installations, causing widespread operational issues.
+ Sensitive information could potentially have been exposed, leading to data breaches. Compromised systems could theoretically have been used to deploy malware, resulting in further security incidents and potential damage to connected networks.
+
+ **The company’s reputation could have been severely damaged, resulting in a loss of trust from customers and partners.**
+ type: paper
+ hasBackground: false
+ - button:
+ label: Go to csirt website
+ url: something I don't know
+ external: false
+ text: Note that it is very complex to summarize any DIVD case, or make accurate and precise assumptions about which risks were specifically mitigated. If you have any questions, please read about our case on the CSIRT
+ type: pill
+ - rightArticle:
+ button:
+ label: Read more
+ url: moar
+ external: false
+ category: Culture
+ title: Microsoft update makes Outlook very vulnerable
+ text: Lorem ipsum dolor sit amet consectetur. Ultricies faucibus sit sit ante vestibulum dictum venenatis commodo.
+ leftArticle:
+ button:
+ label: Read more
+ url: moar
+ external: false
+ category: Culture
+ title: Our yearly get-together was a great succes!
+ text: Lorem ipsum dolor sit amet consectetur. Ultricies faucibus sit sit ante vestibulum dictum venenatis commodo.
+ title: Suggested Articles
+ type: suggestedArticles
title: Our work is of great importance, here is why
intro: |-
This page explains why our work matters to society, partners, and other organisations.
@@ -19,7 +84,7 @@ leftblock:
Cybercriminals often prefer to create exploits for big, well-known issues because they can use those exploits to create powerful, cheap attacks that have worked for many years and on many systems.
image: ""
- Alt tag for image: ""
+ alt: ""
learnmore: /dictionary/
alt: null
rightblock:
@@ -34,7 +99,7 @@ rightblock:
Since this vulnerability is *unknown*, no one is adequately protected against it. The vendor needs to disclose information about the vulnerability to its partners, but in doing so, they also unintentionally but unavoidably inform cybercriminals about the occurrence of a weakness in their software. This is when a race against the clock begins. Who works faster, the software vendor crafting and distributing a patch, or the cybercriminals crafting and deploying an exploit?
image: ""
- Alt tag for image: ""
+ alt: ""
learnmore: ""
alt: null
contenttitle: "## Why our work matters"
@@ -65,15 +130,16 @@ casehighlight:
main:
title: More text here
---
-**DIVD scans the entire internet.**
+
+**DIVD scans the entire internet.**
Traditional methods, like penetration tests, often focus on a specific scope, usually limited to an organization's IP addresses or URLs. In contrast, DIVD seeks to identify all systems with a particular vulnerability, often discovering issues in systems that organizations were unaware they had.
-**DIVD can take this a step further.**
+**DIVD can take this a step further.**
Because we work for the common good and adhere to guidelines for ethical hacking, we can extend our reach beyond the limits imposed on governments or commercial security companies. This allows us to determine with greater certainty whether a system is vulnerable. An email notification from DIVD almost always indicates a vulnerability that needs immediate attention.
-**DIVD scans for both regular security vulnerabilities *and* zero-day vulnerabilities.**
+**DIVD scans for both regular security vulnerabilities _and_ zero-day vulnerabilities.**
DIVD independently [assigns new unique identifiers (CVEs)](https://csirt.divd.nl/cna/) when new (previously unknown) vulnerabilities are identified by its researchers.
diff --git a/content/why-our-work-matters/_index.nl.md b/content/why-our-work-matters/_index.nl.md
index ceecc544..1fca34bb 100644
--- a/content/why-our-work-matters/_index.nl.md
+++ b/content/why-our-work-matters/_index.nl.md
@@ -19,4 +19,5 @@ corevalues:
- title: Technical Proficiency
description: It is crucial for volunteers to have a robust knowledge of cybersecurity principles and methods. If they are considering joining one of our technical teams, they need to possess the necessary technical expertise to effectively detect and scrutinize vulnerabilities in online systems. Keeping up-to-date with the latest technologies and threats through continuous learning is indispensable.
---
+
c
diff --git a/hugo.yaml b/hugo.yaml
index 94209a7d..87bf3726 100644
--- a/hugo.yaml
+++ b/hugo.yaml
@@ -41,3 +41,8 @@ server:
X-XSS-Protection: "1; mode=block"
Content-Security-Policy: "default-src 'none'; frame-src https://form.jotform.com https://eu-submit.jotform.com https://divd.goatcounter.com/count https://cyberveilignederland.nl/woordenboek.iframe; font-src 'self'; img-src 'self' data: https://cdn.theorg.com; script-src 'self' https://form.jotform.com https://unpkg.com/ https://gc.zgo.at; style-src 'self'; connect-src 'self' https://divd.goatcounter.com/count; base-uri 'self'; frame-ancestors 'self'; form-action 'self';"
Referrer-Policy: "same-origin"
+
+markup:
+ goldmark:
+ renderer:
+ hardWraps: true
diff --git a/layouts/_default/baseof.html b/layouts/_default/baseof.html
index 77320d0a..7a578ebb 100644
--- a/layouts/_default/baseof.html
+++ b/layouts/_default/baseof.html
@@ -1,11 +1,11 @@
-
+
-
-
+
+
+ content="width=device-width, initial-scale=1, maximum-scale=1" />
{{ .Title }}
@@ -16,12 +16,13 @@
{{ partial "mainnav.html" . }}
-
+
+
{{ block "main" . }}
-
- {{ end }}
-
+
+ {{ end }}
+
{{ block "footer" . }}
{{ partial "footer.html" }}
{{ end }}
diff --git a/layouts/_default/section.html b/layouts/_default/section.html
index a94a29a3..0886c7d6 100644
--- a/layouts/_default/section.html
+++ b/layouts/_default/section.html
@@ -1,25 +1,19 @@
{{ define "main" }}
+
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/contribute/section.html b/layouts/contribute/section.html
index 344149eb..cb08492b 100644
--- a/layouts/contribute/section.html
+++ b/layouts/contribute/section.html
@@ -1,133 +1,135 @@
{{ define "main" }}
-
-
-
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/dictionary/section.html b/layouts/dictionary/section.html
index 8b0c4d53..578ae2cf 100644
--- a/layouts/dictionary/section.html
+++ b/layouts/dictionary/section.html
@@ -1,43 +1,44 @@
{{ define "main" }}
-
-
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/faq/list.html b/layouts/faq/list.html
index 72a68d1b..9c142ce6 100644
--- a/layouts/faq/list.html
+++ b/layouts/faq/list.html
@@ -1,40 +1,45 @@
{{ define "main" }}
-
{{ partial "p/layout_close" }}
-
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/partials/block/ethics_footer.html b/layouts/partials/block/ethics_footer.html
index 1aadec36..30f23f25 100644
--- a/layouts/partials/block/ethics_footer.html
+++ b/layouts/partials/block/ethics_footer.html
@@ -1,17 +1,16 @@
{{ $blocks := site.GetPage "/block" }}
-
{{ with $blocks.Params.ethics }}
-
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/partials/block/familycta.html b/layouts/partials/block/familycta.html
index bc2692a1..2c815186 100644
--- a/layouts/partials/block/familycta.html
+++ b/layouts/partials/block/familycta.html
@@ -1,23 +1,22 @@
-
{{ $blocks := .Site.GetPage "/block" }}
-
{{ with $blocks.Params.familycta }}
- {{ partial "p/layout_open" (dict "classes" (slice "columns" "columns-2")) }}
-
- {{ with resources.Get "images/global/familycta.png" }}
- {{ partial "tools/rimg/img" (dict "img" . "alt" "Become part of the family") }}
- {{ end }}
-
+ {{ with resources.Get "images/global/familycta.png" }}
+ {{ partial "tools/rimg/img" (dict "img" . "alt" "Become part of the family") }}
+ {{ end }}
+
{{ partial "p/layout_close" }}
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/partials/breadcrumbs.html b/layouts/partials/breadcrumbs.html
index 0522ac4c..14daf7d6 100644
--- a/layouts/partials/breadcrumbs.html
+++ b/layouts/partials/breadcrumbs.html
@@ -1,6 +1,5 @@
\ No newline at end of file
+
diff --git a/layouts/partials/card-article.html b/layouts/partials/card-article.html
index f0ad1125..08a00d82 100644
--- a/layouts/partials/card-article.html
+++ b/layouts/partials/card-article.html
@@ -1,4 +1,3 @@
-
{{ $page := site.GetPage "page" . }}
{{ with $page }}
@@ -9,16 +8,16 @@
{{ $link := .Permalink }}
{{ $imageAlt := .Params.image_alt |default "" }}
- {{ partial "card" (dict
+ {{ partial "card" (dict
"imageSource" $imageSource
"imageAlt" $imageAlt
- "title" .Title
+ "title" .Title
"tag" $tag
- "linkTitle" (i18n "readmore")
+ "linkTitle" (i18n "readmore")
"link" $link
- "classes" (slice "article"))
+ "classes" (slice "article"))
}}
{{ else }}
Card not found
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/partials/card-partner.html b/layouts/partials/card-partner.html
index eee621ca..ed9189ab 100644
--- a/layouts/partials/card-partner.html
+++ b/layouts/partials/card-partner.html
@@ -7,22 +7,22 @@
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/partials/card.html b/layouts/partials/card.html
index 43dde84f..eb186dbb 100644
--- a/layouts/partials/card.html
+++ b/layouts/partials/card.html
@@ -11,35 +11,36 @@
{{ $alt := $imageAlt | default $name }}
{{ if not $alt }}
- {{ warnf "No alt tag set for card with name '%s', title '%s', link '%s' and image '%s'" $name $title $link $imageSource }}
+ {{ warnf "No alt tag set for card with name '%s', title '%s', link '%s' and image '%s'" $name $title $link $imageSource }}
{{ end }}
-
-
- {{ with resources.Get $imageSource }}
- {{ partial "tools/rimg/img" (dict "img" . "alt" $alt) }}
-
- {{ else }}
-
- {{ end }}
- {{ if $tag }}
- {{ $tag }}
- {{ end }}
-
-
- {{ if $name }}
-
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/people/list.html b/layouts/people/list.html
index 1153e7cf..57504d38 100644
--- a/layouts/people/list.html
+++ b/layouts/people/list.html
@@ -1,7 +1,5 @@
{{ define "main" }}
-
-
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/volunteers/list.html b/layouts/volunteers/list.html
index aa1320f4..2eb342f4 100644
--- a/layouts/volunteers/list.html
+++ b/layouts/volunteers/list.html
@@ -1,59 +1,66 @@
{{ define "main" }}
+
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/what-we-do/list.html b/layouts/what-we-do/list.html
index 5fbe5eb5..b6119853 100644
--- a/layouts/what-we-do/list.html
+++ b/layouts/what-we-do/list.html
@@ -1,83 +1,85 @@
{{ define "main" }}
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/layouts/who-we-are/list.html b/layouts/who-we-are/list.html
index 55a7af71..08c6b8db 100644
--- a/layouts/who-we-are/list.html
+++ b/layouts/who-we-are/list.html
@@ -1,79 +1,78 @@
{{ define "main" }}
-