Editor’s Highlights
A slightly “lighter” update this time, compared to most months.
As it has been the holiday season in many parts of the world, we prefer not to release larger changes to our products and solutions during this period, to minimize any possible effects on our customers.
Upcoming changes to clients
As previously announced, we will be releasing new clients with changed requirements during February 2024. Administrators are STRONGLY advised to read about these changes and take appropriate actions in preparation. You can find out more about this in the dedicated Community article.
Elements Security Center
Reminder: Always use elements.withsecure.com when accessing the Elements Security Center
When we first launched Elements, it was part of the F-Secure family of products, and could be accessed using an f-secure.com URL. This old name is now fully deprecated, and users should always use the https://elements.withsecure.com URL.
We strongly recommend that users update their bookmarks to ensure the correct address is used.
Elements Endpoint Protection
Elements Agent for Mac
WithSecure™ Element Agent 23.2.51507 Update - Now Available for All Customers
New Features:
- macOS 14 Sonoma Support: The agent now supports macOS 14 Sonoma.
- Automatic Auditd Activation: Auditd is enabled automatically if the sensor requires it. Note: A reboot is required.
Compatibility: WithSecure™ Element Agent is compatible with the following macOS versions:
- macOS 11 Big Sur
- macOS 12 Monterey
- macOS 13 Ventura
- macOS 14 Sonoma
Elements Mobile Protection (Android)
An update to the WithSecure Elements Mobile Protection app for Android (23.5.0022636) has been released.
This release includes the following new features and improvements:
- The app now supports the following security parameters:
  - Root device detection
  - Devices connected to an open WiFi
  - The app running on a simulator
- The app now supports the Infection deleted security event
Elements Vulnerability Management
EVM: System Scan
The following capability has been added to the Online Network check:
- Detect NetScaler ADC and NetScaler Gateway Sensitive information disclosure ("Citrix Bleed")
The following capability has been added to authenticated scanning for both Windows and Linux:
- Detect vulnerabilities in Elasticsearch for Apache Hadoop
The following capabilities have been added to authenticated scanning for Windows:
- Detect vulnerabilities in Trend Micro Apex One
- Detect vulnerabilities in RVTools
- Detect vulnerabilities in Rapid7 Insight Agent
- Detect vulnerabilities in WD Discovery Desktop App
- Detect vulnerabilities in Dell Command | Integration Suite for System Center
- Detect vulnerabilities in Dell Command | Configure
- Detect vulnerabilities in Dell Security Management Server
- Detect vulnerabilities in Dell Command | Update
- Detect vulnerabilities in Dell Command | Monitor
- Detect vulnerabilities in Dell Update
- Detect vulnerabilities in Dell SonicWALL Directory Connector
- Detect vulnerabilities in Dell Encryption
- Detect vulnerabilities in Dell Optimizer
- Detect vulnerabilities in WPS Office
- Detect vulnerabilities in Intel Chipset Device Software
EVM: Scan Node Agent
New versions of the Scan Node Agents have been released for Windows and Linux:
Linux Scan Node Agent
This release brings the following improvements:
- Migrate existing Linux SNA installations to use fsapi.com endpoints
- Modify Linux SNA update process to use fsapi.com endpoints
Windows Scan Node Agent
This release brings the following improvements:
- Migrate Windows SNA to use fsapi.com endpoints
- Remove user-visible references to f-secure.com
Other items of interest
Monthly Threat Highlights Report: November 2023
Exploited Vulnerabilities
- Apache ActiveMQ (CVE-2023-46604): This vulnerability allows a remote attacker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. It is being actively targeted by ransomware groups including HelloKitty.
- Atlassian Confluence (CVE-2023-22518): This vulnerability can result in significant data loss when exploited by an unauthenticated attacker. It is being actively targeted by threat actors including ransomware groups.
- SysAid Server (CVE-2023-47246): This is a path traversal vulnerability that leads to code execution. It was publicly disclosed on November 8, 2023, and was targeted by the Lace Tempest group on November 2, 2023.
- F5 BIG-IP (CVE-2023-46747): Threat actors are exploiting this vulnerability together with CVE-2023-46748 as part of an exploit chain in observed attacks in the wild. Patches are available to fix this issue, and F5 have released relevant advice.
- WinRAR (CVE-2023-38831): This vulnerability has been targeted by numerous threat actors since April 2023. In a recent campaign, it is alleged that Russia is using the vulnerability to target Azerbaijan, Greece, Romania, and Italy for the purposes of espionage.
SolarWinds Lawsuit
The SEC has filed a lawsuit against SolarWinds and its CISO, Timothy Brown, alleging that the defendants' attitude and behaviors led to poor cybersecurity practices. The lawsuit alleges that SolarWinds' public statements about its cybersecurity practices and risks painted a starkly different picture from internal discussions and assessments about the company's cybersecurity policy violations, vulnerabilities, and cyberattacks.
Ransomware Trends and Notable Reports
- Increase in ransomware activity: There has been a 25% increase in ransomware activity compared to October 2023, which is a return to "normal" figures.
- LockBit’s CitrixBleed Campaign: This campaign highlights the danger associated with CVE-2023-4966 "Citrix Bleed," a vulnerability in Citrix NetScaler ADC and Gateway which has allowed attackers to steal session cookies/tokens and therefore gain initial access into networks.
Stay informed about the latest cybersecurity threats and trends.
In case you missed it
Upcoming changes to the Elements Security Center
As part of our ongoing work to improve the usability of the Elements Security Center for administrators, we will be introducing some changes in January 2024. You can find out more details in a dedicated Community article.
Account Security
The security of your Elements account is important to us, and should be important to you too. We’ve recently added extra options for using Multi-Factor Authentication with Elements, and there’s an article about it too.
In addition, we have raised the minimum standard for passwords in Elements. Further details are available.
Client changes in 2024
In February 2024, we will be releasing new client installers for the Elements products. While most of the changes are small, there are some slightly larger changes that Administrators need to be aware of. We have a separate article in the Community that lists these in more detail.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center.