Editor’s Highlights
Upcoming release: Elements Agent for Mac 24.1
A new version of the Elements Agent for Mac is coming soon. Admins are required to create WithSecure MDM profiles to support seamless migration. Please see the Elements Agent for Mac changelog for more details.
Elements Security Center
Mass acknowledgement of security events based on target
It is now possible to perform a mass acknowledgement of security events based on target.
Other Improvements
Devices page
Searching by host name is now supported in the Device view.
Reports
We have renamed the 'Email Reports' tab to 'Email and Notification Report'. Additionally, we have clarified the accompanying information text. The purpose of this enhancement is to emphasize that this feature serves as a valuable tool for notifying users about non-compliant devices (e.g. devices with malware protection disabled) or for receiving alerts related to specific events (e.g. Malware blocked or EDR incident).
Reports/My report
If a user has not yet created any reports, they will now see an option to access pre-defined widgets. This enhancement aims to help users understand the types of dashboards they can create.
When adding a dashboard to 'My Report', the template name (data field) is now clearly displayed below the dashboard. This enhancement ensures transparency and helps users understand the data sources used to build their customized dashboards.
We have expanded the device information available for creating reports within 'My Reports'. Users now have access to a wider range of parameters when building their customized reports.
Reports/Email and notification report
Users can now send a test report directly from the 'Reports/Email and Notification Report' section. This option simplifies the process of testing new email notifications or reports.
Elements Endpoint Protection
Elements Agent for Computers and Servers: Version 24.2
A new version of the endpoint clients is available: Elements Agent version 24.2 (internal version 24.2.187).
The endpoints automatically upgrade, without a reboot.
Features:
New WithSecure Elements agent update mechanisms.
We are switching to backend services that are completely distinct from the services used by F-Secure products. This release therefore also introduces new server addresses that the endpoints connect to. The switch to the new backend services happens in the same way as the usual automatic endpoint upgrade and requires minimal extra bandwidth.
Note that if an endpoint is missing the ACS (Azure Code Signing) dependencies, it won't be upgraded automatically to 24.2; it will be upgraded automatically once the ACS issue is resolved.
For more information, see "Changes in support on Microsoft Windows – Minimum patch level" on the WithSecure Community.
Support for Windows on ARM64 processors
We are pleased to announce that version 24.2 of 'WithSecure Elements EPP for Computers' and 'WithSecure Elements EPP for Computers Premium' introduces support for Windows ARM64 devices. The following features are supported:
- Heuristic & behavioral analysis
- DeepGuard
- Extensive web protection
- Firewall management
- Integrated patch management
- Device control
- Rollback
Elements Mobile Protection: Release new Mobile Protection
We have now released a new version of Elements Mobile Protection for both Android and iOS devices.
Briefly, this version brings the following benefits:
- Improved overall user experience and reliability when browsing traffic is being protected
- A new Network Gateway component to protect network traffic, also utilizing the WithSecure Security Cloud, for seamless and fast scanning
- Note: The Network Gateway component on the device will replace the current VPN functionality
- A new Browsing Protection plugin for Mobile Safari on iOS devices
- Visibility to Elements Mobile Protection events in the Elements Security Center
As some of the changes are quite significant, we have created an article with Frequently Asked Questions.
Elements Endpoint Detection and Response
Elements Endpoint Detection & Response: New status "Waiting for customer" available for Broad Context Detections
Users can now set the status of a Broad Context Detection (BCD) to “Waiting for customer”:
'Waiting for Customer - The incident is now awaiting confirmation / response from the end customer before it can be progressed.'
The user can also filter the BCDs by this status.
The dashboard also gives an overview of the status.
Elements Vulnerability Management
EVM: System Scan
Detections have been added to check for vulnerabilities in the following products, in authenticated scanning on Windows:
- Lenovo Diagnostics Tool
- Lenovo System Update
- Lenovo Service Bridge
- Lenovo Power Management Driver
- Lenovo Vantage
- Lenovo System Interface Foundation
- Dell Update
- Dell Digital Delivery
- Dell SupportAssist Enterprise
- Dell SupportAssist and Dell SupportAssist for Business PC
- Intel Battery Life Diagnostic Tool
- Intel Dynamic Tuning Technology
- TeamViewer Meeting
- TeamViewer Host
- cURL
- Devolutions Workspace
- FontForge
- Snow Inventory Agent
- Puppet Bolt
- PaperCut editions
- Secure Connect Gateway - Application Edition
Other items of interest
Monthly Threat Highlights Report: February 2024
Here is more information on the key problems included in the February 2024 Threat Landscape Update report:
- Mass Exploitation Incidents: ongoing mass exploitation incidents involving vulnerabilities in Ivanti ConnectSecure and ConnectWise ScreenConnect, emphasizing the critical need for organizations to patch these vulnerabilities promptly to prevent widespread compromise.
- Ransomware Attacks: the continuation of ransomware attacks in February, with varying opinions and statistics on the state of the ransomware sector. This indicates the persistent threat posed by ransomware actors and the importance of robust cybersecurity measures to mitigate such attacks.
- Machine Learning and LLMs for Malicious Activities: the use of Machine Learning and Large Language Models (LLMs) for malicious activities such as fraud and autonomous hacking. This highlights the evolving tactics used by threat actors and the need for advanced detection and mitigation strategies in cybersecurity defenses.
- Phishing/Maldoc Exploits: significant increases in phishing/maldoc exploits targeting client software are noted in the report. Specific vulnerabilities such as CVE-2023-21716, CVE-2023-38831, CVE-2023-23376, and CVE-2023-23397 are highlighted, indicating the prevalence of these exploit techniques and the importance of timely detection and prevention measures.
- Lazarus Group Exploiting Windows Driver Zero-Day: the report mentions the Lazarus Group exploiting a Windows driver zero-day vulnerability (CVE-2024-21338) to disable security tools. This underscores the threat posed by sophisticated threat actors and the need for organizations to stay vigilant against such targeted attacks.
In case you missed it
Multi-Factor Authentication Enforcement
From April 22nd 2024, we will start to enforce the use of Multi-Factor Authentication when accessing the WithSecure Elements Security Center. You can find more details in our dedicated article.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via our Ideas Portal, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center.