Editor’s Highlights
WithSecure Products and macOS 14 “Sonoma”
Unfortunately, we are not quite ready to support the new macOS 14 “Sonoma” version that Apple is releasing. You can find our current status and recommendations in our dedicated article.
Elements Security Center
Uninstalled devices are now shown in Managed Removed Devices view
This view shows devices from which the Elements agent was uninstalled. Currently, only Windows agents are supported.
Security posture new profile based assessments
A new form of security posture analysis point has been added. These analyse data from the profile settings to warn admins about potentially risky configurations.
Devices assigned to the affected profile are shown under security posture
Device count and platform shown in Security Posture view
The profile based assessments flyout now shows the device count for each affected profile together with a platform type icon that links to device view.
Missing updates and installation logs can now be filtered
Security Events now includes Collaboration Protection events
Information on the number of malicious URLs and attachments discovered by Collaboration Protection was added to Security Event details of the Collaboration Protection Email Scan Event.
The “Other Elements Solution view” in Security Events now also contains all Collaboration Protection events.
New profile based security posture
The security posture now shows if the "User can turn off real-time scanning on the client as the setting is unlocked in the profile".
Explanation of what caused a profile assignment shown in device details
The reason for triggering a profile assignment for a device is now visible in the device details operations table.
Possibility to organize graphs added to Custom Reports view
We have now added buttons for moving graphs to first and last places in the custom reports view. This can help administrators prioritize the information displayed, to suit their own needs.
Elements Endpoint Protection
Elements Agent for Windows and Server - Version 23.6
This release makes the Elements Agent version 23.6 available (internal version 23.6.394).
The endpoints automatically upgrade, without a reboot.
Report info about all currently logged in users
You can now search for all devices that a user has logged on to.
We also report all recently logged in users, so you can find devices where a user was logged in recently.
Rollback feature sends alert when user restores rolled-back files
Elements Endpoint Detection and Response
We recently released some changes to the EDR Broad Context Detection views. You can find more information on this change in a separate article.
Elements Collaboration Protection
Automatic protection for new Teams channels
The “Automatically protect newly-added assets” setting for the SharePoint tool now also covers onboarding of newly-added Teams channels. If this setting is turned off, you need to manually select the asset that needs to be protected. Note that after the new release, existing Teams channels are not protected automatically; only newly-added channels are.
Elements Vulnerability Management
EVM System Scan
The following products were added to the detection component of the EVM Authenticated System Scan for Windows:
- Veritas InfoScale Operations Manager (VIOM)
- Cisco Duo Authentication Proxy
- IBM Aspera Cargo
- IBM Aspera Connect
- WireGuard client
- Duo Authentication
- Cisco Duo Device Health Application
- IBM SPSS Statistics
- Citrix ShareFile Storage Zones Controller
- Dell Wyse Management Suite
- Mattermost Desktop
- Acronis Cyber Backup
- Acronis Cyber Protect
- Automox Agent
- Kofax Power PDF
Elements Vulnerability Management Portal
Clarified usage calculation explanation
The usage calculation was improved in the Subscription details section of the Settings page to address the inclusion of deleted scanned targets. The calculation considers deleted scanned targets to ensure accurate tracking.
Integrations
Elements API: cookbook and new filter for incidents
Elements API Cookbook
To help our customers integrate with the Elements API, we created the Elements API Cookbook. It contains recipes with descriptions of common use cases and example solutions implemented as Python procedures.
Changes in the Incident endpoint
New filters: risk level, updatedTimestampStart and updatedTimestampEnd. These improve polling of incidents and detections, because filtering by updatedTimestamp helps in getting recent updates (see Cookbook - poll detections).
New fields: RiskScore (a number representing the incident's risk) and categories (for example CREDENTIAL_THEFT).
New endpoint to add a comment to an incident: this allows a ticket number or an explanation about the incident to be added as a comment in the incident's details view in Elements Security Center.
Endpoint Protection API is deprecated
We kindly remind you that the following endpoints have reached their end of life and should not be used anymore:
- infections
- security events
- companies
- computers
The following endpoints are deprecated and will soon reach end of life:
- Invitations: End of Life: 3rd of November, 2023
- Subscriptions: End of Life: 11th of March, 2024
WithSecure Elements Connector
In order to provide a better and more unified set of APIs for WithSecure Elements, we are progressively deprecating the Endpoint Protection API and replacing it with the Elements API. If your Elements Connector is used to stream security events from the WithSecure Elements portal to your SIEM and was configured before the 23.05 release, it might still be using the Endpoint Protection API.
Elements Security Center will warn you in the Issues list if action is needed.
A corresponding warning is also shown in the Connector device view.
In order to preserve event forwarding functionality, please switch over to using Elements API credentials before 31.12.2023. You can find full details of the required changes in the user guide.
Other items of interest
Monthly Threat Highlights Report: August 2023
New vulnerabilities in Ivanti products
Several vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron, have been identified and exploited by a highly sophisticated threat actor. These vulnerabilities include CVE-2023-35078 and CVE-2023-35081, which allow for arbitrary unauthenticated file writes and can be used to upload and execute files and deploy web shells.
Exploitation of WinRAR vulnerabilities
One of two vulnerabilities in WinRAR is already being actively exploited, and the other is likely to be weaponized due to the prevalence of WinRAR.
Affiliate campaign installing a malicious "Digital Pulse" proxy
An affiliate campaign installs a malicious "Digital Pulse" proxy, which can be used to intercept and modify web traffic.
Changing hacktivist landscape
Assessment of the changing hacktivist landscape, including the emergence of new groups and the tactics they are using.
Ransomware trends and statistics
The ransomware landscape, including statistics from known attacks and highlights of the newcomers "Cloak", "Metaencryptor", and "Ransomed".
Threat data highlights
Overview of vulnerabilities that have been heavily discussed on social media, as well as VirusTotal trends and other threat data highlights.
In case you missed it
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center.