Editor’s Highlights
Elements Connector
A new version of the Elements Connector (internal version 23.05.97280) has been rolled out starting on 28.02.2023. The endpoints automatically upgrade, without a reboot.
The Elements Connector Ultimate proxy is introduced with this release. Please see below for more details.
Elements Security Center
Software updates tab now respects readOnlyWorkstations and readOnlyServer user permissions
For example, if a user is logged in with readOnlyWorkstation, all update checkboxes affecting only workstations are hidden. Also, when the select-all checkbox or an individual update checkbox is clicked, the operations wizard enables the update button only for the items the user is permitted to update.
Show disabled checkboxes for missing updates instead of hiding them for full readOnly, readOnlyWorkstations or readOnlyServers users
The "Select devices to update" button is now enabled when "select all updates" is clicked
Installation Logs of Software Updates can now be filtered by the Device UUID and List of BulletinIDs
Additionally, the filters in both the Missing Updates and Installation Log tabs are now persistent, the same as in Security Events and Audit Log.
Added confirmation popup for evaluating rules for all devices after saving
Update advisory entry for Connector low disk space to use 5GB instead of 20GB
Audit Logs added for quarantine related operations are now accessible from Security Events list
Navigation from Device Details to the filtered Installation Log is now possible
UI improvements to Custom report for devices
Added enabling / disabling change tracking to audit logs
Added possibility to export a read-only profile
Elements Endpoint Protection
WithSecure Elements Agent for Windows and Server new version 23.2
A new version of the endpoint clients is available.
This release makes the Elements Agent version 23.2 available (internal version 23.2.1150).
The endpoints automatically upgrade, without a reboot.
A new security event is triggered if Server Share Protection backup fails because folder does not exist
Elements agent shows a flyer if browsing protection is enabled but browser extensions are not installed or not activated
This feature can be enabled from "Remind user to activate browser plugins" in Browsing protection settings of the portal's profile editor.
In addition:
- Elements Agent user interfaces have new WithSecure style.
- The vulnerability scanning task works in Elements Agent even if the Automated tasks feature is disabled in the profile.
- Deploying Elements Agent as a Win32 app in MS Intune is supported.
- The "Hide exclusions from clients" option now also hides exclusions from the scan report.
- "Turn off security features" also turns off features that are locked in the profile.
- Network location settings also change settings that are locked in the profile, depending on the network location.
- Software updater now marks updates as security updates faster than before.
- Elements Agent no longer sends empty IPv4 and IPv6 addresses to the portal.
Elements Collaboration Protection
Elements Collaboration Protection Update
This latest release adds:
- New response action for SharePoint OneDrive and Teams policy settings: immediate deletion of malicious content
- The possibility to automatically protect newly added assets in SharePoint and OneDrive
Elements Vulnerability Management
Option of ignoring false positives on the Discovery scan configuration user interface
This option filters out false or unreliable hosts based on their TTL (Time to Live) value, helping to ensure that only accurate and trustworthy information is used.
Updates to Web scan configuration section.
The default HTTP headers configuration has been moved to the Web scan section and custom headers now replace the default headers. A new option to include the Web scan product identifier in the User-Agent HTTP header has also been added.
Elements Vulnerability Management System Scan
This release includes:
- Capability to detect vulnerabilities in Sunlogin Client in authenticated scanning for Windows
- Capability to detect vulnerabilities in McAfee Security Scan Plus in authenticated scanning for Windows
- Capability to detect vulnerabilities in Tailscale in authenticated scanning for Windows
- Capability to detect vulnerabilities in Securepoint SSL VPN Client in authenticated scanning for Windows
- Capability to detect vulnerabilities in Windscribe VPN in authenticated scanning for Windows
- Capability to detect vulnerabilities in Aviatrix OpenVPN Client in authenticated scanning for Windows
- Capability to detect vulnerabilities in Acronis Cyber Protect Home Office in authenticated scanning for Windows
Elements Vulnerability Management Web Scan
This release includes:
- Added 401 Unauthorized response code as a correct return code for the login page
- Added support for CVSSv3
- Added logout monitoring to the regular crawler
Elements Vulnerability Management System Scan
This release includes:
- Capability to detect vulnerabilities in Adaware Protect in authenticated scanning for Windows
- Capability to detect vulnerabilities in AnyDesk in authenticated scanning for Windows
- Capability to detect vulnerabilities in Stormshield SSL VPN Client in authenticated scanning for Windows
- Capability to detect vulnerabilities in Sophos Exploit Prevention in authenticated scanning for Windows
- Capability to detect vulnerabilities in McAfee Data Loss Prevention (DLP) Endpoint in authenticated scanning for Windows
- Capability to detect vulnerabilities in HP Connection Optimizer in authenticated scanning for Windows
- Capability to detect vulnerabilities in pgAdmin in authenticated scanning for Windows
- Capability to detect vulnerabilities in Hotspot Shield VPN client in authenticated scanning for Windows
- Capability to detect vulnerabilities in Avast Secure Line VPN in authenticated scanning for Windows
- Capability to detect vulnerabilities in Kaspersky VPN Secure Connection in authenticated scanning for Windows
Integrations
Elements API change in existing endpoints
Devices endpoint:
- filtering by device serial number and protectionStatusOverview
- New fields for software update: last software scan and install timestamps were added to response (for device type computer)
Security events endpoint:
- engine and severity query parameters support multiple values
WithSecure Connector 23.05
A new version of the Elements Connector (internal version 23.05.97280) has been rolled out starting on 28.02.2023. The endpoints automatically upgrade, without a reboot.
The Elements Connector Ultimate proxy is introduced with this release
This feature allows Connector to act as a proxy for all traffic between WithSecure endpoints and cloud services, simplifying firewall configurations and allowing the use of WithSecure products in semi-closed environments. It extends the GUTS2 and SWUP caching-only mode and is enabled for all Connectors by default.
Chained Connectors are now possible
It is now possible to chain Elements Connectors so that one Connector uses another to reach the backends. To do this, specify the upstream Connector in the profile as an HTTP proxy. You can specify multiple Connectors, separated by semicolons.
Elements Connector starts using the new Elements API to forward security events
If Connector was already configured to use Event Forwarding, it continues using the current credentials after the upgrade. Follow the API configuration instructions to reconfigure it and start using the new Elements API.
Multiple HTTP proxy support
Support for multiple HTTP proxies has been introduced so that Elements Connector remains connected in case of proxy failure. You can specify multiple HTTP proxies using a semicolon. If the connection becomes unstable, Elements Connector starts using the next proxy from the list:
http://myproxy-1:80;http://myproxy-2:80;http://myproxy-3:80
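A pre-deployment check for a list in the format shown above, which the release notes also use for chained Connectors. This is an added example, not WithSecure code; check_proxy_list and its rules (http scheme only, explicit port, no duplicates) are assumptions drawn from the sample value, not documented Connector behaviour.

```python
from urllib.parse import urlsplit

def check_proxy_list(value, allowed_schemes=("http",)):
    """Split a semicolon-separated proxy list; return (proxies, problems).

    proxies keeps the list order, which is the failover order described in
    the release note. The rules below are assumptions, not product behaviour.
    """
    proxies, problems, seen = [], [], set()
    for pos, raw in enumerate(value.split(";"), start=1):
        entry = raw.strip()
        if not entry:
            problems.append(f"entry {pos}: empty (stray semicolon?)")
            continue
        if entry != raw:
            problems.append(f"entry {pos}: whitespace around {entry!r}")
        try:
            parts = urlsplit(entry)
            port = parts.port  # ValueError on a non-numeric or out-of-range port
        except ValueError as exc:
            problems.append(f"entry {pos}: {entry!r}: {exc}")
            continue
        if parts.scheme not in allowed_schemes:
            problems.append(f"entry {pos}: {entry!r} has no accepted scheme")
            continue
        if not parts.hostname or not port:
            problems.append(f"entry {pos}: {entry!r} needs host and explicit port")
            continue
        key = (parts.hostname, port)
        if key in seen:
            problems.append(f"entry {pos}: {entry!r} is a duplicate, adds no failover")
            continue
        seen.add(key)
        proxies.append(f"{parts.scheme}://{parts.hostname}:{port}")
    return proxies, problems

# Value from the release note, then a constructed value with typical mistakes.
GOOD = "http://myproxy-1:80;http://myproxy-2:80;http://myproxy-3:80"
BAD = "http://myproxy-1:80; http://myproxy-2:80;myproxy-3:80;http://myproxy-1:80;"

if __name__ == "__main__":
    for value in (GOOD, BAD):
        proxies, problems = check_proxy_list(value)
        print(proxies)
        for problem in problems:
            print("  !", problem)
```

An entry that fails the check leaves fewer usable proxies than the profile appears to list, so the problems are worth clearing before the profile is published.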
Elements Connector integration for Microsoft Sentinel
We have now made Elements Connector available in the Azure Marketplace.
Elements Connector is now branded as WithSecure
This release introduces the WithSecure brand. Previous releases were branded as F-Secure.
Forwarded events now have WithSecure vendor name
If your SIEM is configured to filter based on the vendor name, this filter has to be adjusted.
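A sketch of that filter adjustment, showing how an exact-match vendor filter silently drops events once the name changes. This is an added example, not WithSecure code; it assumes the events arrive as CEF lines and that the vendor field carries "F-Secure" before and "WithSecure" after the upgrade, neither of which the page states.

```python
from collections import Counter

# Assumed vendor strings: the page names the brands, not the exact field values.
LEGACY_VENDOR, CURRENT_VENDOR = "F-Secure", "WithSecure"

def cef_header(line):
    """Return the 7 CEF header fields of a log line, or None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    body, fields, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])  # unescape \| and \\ inside a header field
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields if len(fields) == 7 else None

def split_by_vendor(lines, accepted):
    """Apply a vendor-name filter; return (kept lines, Counter of dropped vendors)."""
    accepted = {v.casefold() for v in accepted}
    kept, dropped = [], Counter()
    for line in lines:
        hdr = cef_header(line)
        vendor = hdr[1].strip() if hdr else "<not CEF>"
        if vendor.casefold() in accepted:
            kept.append(line)
        else:
            dropped[vendor] += 1
    return kept, dropped

# Constructed sample lines (product, version and IDs are placeholders).
SAMPLE = [
    "<14>Feb 27 10:00:00 conn1 CEF:0|F-Secure|Product|1.0|100|Sample event|7|src=10.0.0.5",
    "<14>Mar 01 10:00:00 conn1 CEF:0|WithSecure|Product|1.0|100|Sample event|7|src=10.0.0.6",
    "<14>Mar 01 10:05:00 fw1 CEF:0|Example\\|Corp|Firewall|2.1|200|Deny|3|src=10.0.0.7",
]

if __name__ == "__main__":
    print(split_by_vendor(SAMPLE, [LEGACY_VENDOR])[1])  # what the old filter loses
    print(split_by_vendor(SAMPLE, [LEGACY_VENDOR, CURRENT_VENDOR])[1])
```

Accepting both names for the transition period keeps events from Connectors that have not yet upgraded, and the dropped-vendor counter makes an unexpected new vendor string visible instead of silent.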
Other items of interest
Monthly Threat Highlights Report: February 2023
Ransomware: Trends and notable reports
- ESXiArgs
- The end of Hive???
- Alphv attack on Munster Technological University
- The $10k ransomware manual
- TV provider Dish experiences ransomware attack
- Newcomers: Nevada
- Newcomers: Mimic
Other notable highlights in brief
- GoAnywhere exploitation
- Zoho ManageEngine exploitation
- KeePass problems
- QR code phishing
- Sh1mmer exploit can unenroll managed Chromebooks
- IceBreaker targets gaming/gambling companies
You can download the full report for reading later.
In case you missed it
Changes to your WithSecure Business Account
On Wednesday 8th of March we made some changes to the WithSecure Business Account (formerly F-Secure Business Account), and we would like to remind you of these. You can read more from the following article.
End of Support for Windows 7 and Windows Server 2008
In 2019, F-Secure Business (now WithSecure) communicated that product support for Windows 7 and Windows Server 2008R2 would end in January 2023 for Elements and Business Suite products, in line with Microsoft’s own Extended Security Updates program.
These Operating System versions are no longer supported by Microsoft and will receive no further security updates.
To allow our customer base a little additional time to upgrade their devices, WithSecure will provide support for these products on legacy Operating Systems until 30 June 2023.
As such, both Microsoft and WithSecure strongly encourage customers to upgrade to supported versions as soon as possible.
The affected versions are:
- Microsoft Windows 7 (all variants)
- Microsoft Windows Server 2008 (all variants, including 2008R2)
You can read more from the following link
Changes in support on Microsoft Windows – Minimum patch level
In a world where cyber criminals seek to exploit even the smallest vulnerabilities to get access to your devices and data, it is really important to keep your operating systems at the latest vendor patch level.
All Operating System vendors, including Microsoft, Apple, Google and all the Linux vendors, strongly recommend that their customers patch their devices regularly with the latest available patches, to help reduce the threat.
Using an unpatched operating system is risky, and WithSecure always recommends keeping patches up to date.
Occasionally, software vendors will change their requirements on minimum supported versions of operating systems, often in alignment with the OS vendor. Microsoft now requires a minimum patch level of October 2021 for certain types of files included in third-party software, and WithSecure is changing its requirements in alignment.
Read more from the following link
Reminder: Elements Vulnerability Management introduces new scoring system – CVSSv3
In order to align with industry standards and vulnerability scoring in WithSecure Elements Endpoint Protection, Elements Vulnerability Management will introduce CVSSv3 vulnerability scoring.
What is happening?
Since the introduction of Elements Vulnerability Management, it has used CVSS v2 for vulnerability scoring.
Starting from March 8, 2023, Elements Vulnerability Management uses CVSS v3.1.
Read more from the following article
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center