A slightly “lighter” update this time, compared to most months.
As it has been the holiday season in many parts of the world, we prefer not to release larger changes to our products and solutions during this period, to minimize any possible effects on our customers.
Upcoming changes to clients
As previously announced, we will be releasing new clients which have changed requirements during February 2024. Administrators are STRONGLY advised to read about these changes and take appropriate actions in preparation. You can find out more about this in the dedicated Community article
Elements Security Center
Reminder: Always use elements.withsecure.com when accessing the Elements Security Center
When we first launched Elements, it was part of the F-Secure family of products, and could be accessed using an f-secure.com URL. This old name is now fully deprecated, and users should always use theURL.
We strongly recommend that users update their bookmarks to ensure the correct address is used.
Elements Endpoint Protection
Elements Agent for Mac
WithSecure™ Element Agent 23.2.51507 Update - Now Available for All Customers
- macOS 14 Sonoma Support: The agent now supports macOS 14 Sonoma.
- Automatic Auditd Activation: Auditd will automatically enable if needed for the sensor. Note: A reboot is required.
Compatibility: WithSecure™ Element Agent is compatible with the following macOS versions:
- macOS 11 Big Sur
- macOS 12 Monterey
- macOS 13 Ventura
- macOS 14 Sonoma
Elements Mobile Protection (Android)
An update to the WithSecure Elements Mobile Protection app for Android (23.5.0022636) has been released,
This release includes the following new features and improvements:
- The app now supports the following security parameters:
- Root device detection
- Devices connected to an open WiFi
- The app running on a simulator
- The app now supports the Infection deleted security event
Elements Vulnerability Management
EVM: System Scan
The following capability has been added to the Online Network check:
- Detect NetScaler ADC and NetScaler Gateway Sensitive information disclosure ("Citrix Bleed")
The following capability has been added to authenticated scanning for both Windows and Linux
- Detect vulnerabilities in Elasticsearch for Apache Hadoop
The following capabilities have been added to authenticated scanning for Windows:
- Detect vulnerabilities in Trend Micro Apex One
- Detect vulnerabilities in RVTools
- Detect vulnerabilities in Rapid7 Insight Agent
- Detect vulnerabilities in WD Discovery Desktop App
- Detect vulnerabilities in Dell Command | Integration Suite for System Center
- Detect vulnerabilities in Dell Command | Configure
- Detect vulnerabilities in Dell Security Management Server
- Detect vulnerabilities in Dell Command | Update
- Detect vulnerabilities in Dell Command | Monitor
- Detect vulnerabilities in Dell Update
- Detect vulnerabilities in Dell SonicWALL Directory Connector
- Detect vulnerabilities in Dell Encryption
- Detect vulnerabilities in Dell Optimizer
- Detect vulnerabilities in WPS Office
- Detect vulnerabilities in Intel Chipset Device Software
EVM: Scan Node Agent
New versions of the Scan Node Agents have been released for Windows and Linux:
Linux Scan Node Agent
This release brings the following improvements
- Migrate existing Linux SNA installations to use fsapi.com endpoints
- Modify Linux SNA update process to use fsapi.com endpoints
Windows Scan Node Agent
This release brings the following improvements
- Migrate Windows SNA to use fsapi.com endpoints
- Remove user-visible references to f-secure.com
Other items of interest
Monthly Threat Highlights Report: November 2023
- Apache ActiveMQ (CVE-2023-46604): This vulnerability allows a remote attacker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. It is being actively targeted by ransomware groups including HelloKitty.
- Atlassian Confluence (CVE-2023-22518): This vulnerability can result in significant data loss when exploited by an unauthenticated attacker. It is being actively targeted by threat actors including ransomware groups.
- SysAid Server (CVE-2023-47246): This vulnerability is a path traversal vulnerability that leads to code execution. It was publicly disclosed on November 8, 2023, and was targeted by the Lace Tempest group on November 2, 2023.
- F5 BIG-IP (CVE-2023-46747): Threat actors are exploiting this vulnerability together with CVE-2023-46748 as part of an exploit chain in observed attacks in the wild. Patches are available to fix this issue, and F5 have released relevant advice.
- WinRAR (CVE-2023-38831): This vulnerability has been targeted by numerous threat actors since April 2023. In a recent campaign, it is alleged that Russia is using the vulnerability to target Azerbaijan, Greece, Romania, and Italy for the purposes of espionage.
The SEC has filed a lawsuit against SolarWinds and its CISO, Timothy Brown, alleging that the defendants' attitude and behaviors led to poor cybersecurity practices. The lawsuit alleges that SolarWinds' public statements about its cybersecurity practices and risks painted a starkly different picture from internal discussions and assessments about the company's cybersecurity policy violations, vulnerabilities, and cyberattacks.
Ransomware Trends and Notable Reports
- Increase in ransomware activity: There has been a 25% increase in ransomware activity compared to October 2023, which is a return to "normal" figures.
- LockBit’s CitrixBleed Campaign: This campaign highlights the danger associated with CVE-2023-4966 "Citrix Bleed," a vulnerability in Citrix NetScaler ADC and Gateway which has allowed attackers to steal session cookies/tokens and therefore gain initial access into networks.
Stay informed about the latest cybersecurity threats and trends.
In case you missed it
Upcoming changes to the Elements Security Center
As part of our ongoing work to improve the usability of the Elements Security Center for administrators, we will be introducing some changes in January 2024. You can find out more details in a dedicated Community article
The security of your Elements account is important to us, and should be important to you too. We’ve recently added extra options for using Multi-Factor Authentication with Elements, and there’s an article about it too
In addition, we have raised the minimum standard for passwords in Elements. Further details are available
Client changes in 2024
In February 2024, we will be releasing new client installers for the Elements products. While most of the changes are small, there are some slightly larger changes that Administrators need to be aware of. We have a separate article in the Community that lists these in more detail.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center