Editor’s Highlights
As part of our ongoing work to unify workflows in WithSecure Elements, we have introduced changes to Organization Management. Read more about this in the Elements Foundation section below.
Extended Detection and Response
Endpoint Protection
Elements Mobile Protection for iOS
An update to the WithSecure Elements Mobile Protection app for iOS (25.3.11393) has been released.
It includes the following new features and improvements:
- Improvements to app stability
Elements Mobile Protection for Android
An update to the WithSecure Elements Mobile Protection app for Android (25.1.0023199) has been released.
It includes the following new features and improvements:
- The app and WithSecure Elements Security Center now support security events for certificate validation failure
- The app now supports the Chrome extension for ChromeOS
- Added a tutorial view for ChromeOS users
- Network Gateway now uses a cache to reduce the amount of recurrent validations
- The app now supports updating user data
- Redesigned the app Settings interface
- Improvements to how tracking attempts are counted
- Improvements to app stability
Fixed issues:
- The app now shows the correct timestamp for the last status update
Endpoint Detection and Response
Elements Detection and Response: Enhanced BCD investigation
We have now released more enhancements that allow users to execute response jobs directly from the BCD details view. This eliminates the need to manually copy information to external tools, streamlining the investigation process and improving response time.
What’s New?
- Execute response jobs without leaving the BCD page – Users can now initiate response actions directly from the BCD details view.
- Pre-populated parameters – Job parameters are automatically populated where possible, reducing manual input and errors.
- Support for offline execution – Response actions can be queued even when the device is offline and will execute once it is back online.
Supported Response Jobs
- Delete Files
- Retrieve Files
- Kill Processes
Note: Any BCD created after January 10, 2025, will include the necessary provision to execute jobs directly from the BCD view. However, older BCDs created before this date lack the required data and will have this feature disabled.
Email and Collaboration Protection
A new version has been released.
Main changes:
- Elements Collaboration Protection will mark mailboxes that have lost the connection to Microsoft as TemporaryFailure. The mailboxes should recover by themselves in a short period of time. Admins can turn on notifications for this kind of event in policy settings.
- Enhanced the reporting accuracy of active mailboxes
- Enhanced/aligned the licence counts between views
- Enhanced translation for Japanese users
Exposure Management
We have released Exposure Management with the following changes:
- The Executive summary report (beta version) now also contains the company exposure risk as a visual grade, with a reference to how you are doing compared to other companies using WithSecure XM. The Executive summary report is available on the Exposure dashboard page, accessible via Home -> Exposure.
- We have fixed an issue where not all recommendations were visible and some of the findings were not included in the visible recommendations. For cases where recommendations were not included in the recommendation hierarchy, we show "inconclusive" as the state. We advise looking inside those recommendations to see the finding-specific remediation impact and the related remediation guidance.
- Cloud findings that are not visible in the latest scan are now properly removed from Exposure Management, and their impact on the Cloud recommendation is recalculated.
- Several minor bug fixes and performance improvements.
Exposure Management for Users
System Scan
Support for detecting vulnerabilities in the following products was added to Authenticated Scanning:
- Admin By Request
- Apache Commons Configuration
- Apache Felix Webconsole
- Beckhoff TwinCAT Package Manager
- Brother iPrint&Scan
- Bruno
- CheckMK Agent
- Citrix Secure Access
- Dell NetWorker
- Dell NetWorker Client
- Dell System Update
- Dell Wyse Device Agent
- Discord
- exacqVision Client
- Filseclab Twister Antivirus
- FlashFXP
- FortiClient Endpoint Management Server (EMS)
- Git Credential Manager
- JavaServer Faces (JSF)
- JetBrains dotTrace
- JetBrains ETW Host Service
- JfreeChart
- JGraphT Core
- KMPlayer
- Monica Desktop
- PlantUML
- Postman
- Sandboxie Plus
- SketchUp Pro
- SumatraPDF
- Veritas Data Insight
- VIPRE Advanced Security
Elements Foundations
Elements Security Center
As part of our ongoing work to unify workflows in WithSecure Elements, we have introduced changes to Organization Management.
These changes help our Elements Administrators to more effectively manage their environments.
Key features/changes:
- Introduction of the device group concept, which will lead to group-level access management later this year. Group-level access management will help administrators of larger environments to effectively manage access to their assets.
- A new Elements-level organization view that collects related features in the same place and deprecates duplicate views.
The following screens will be removed on April 22, 2025, as this release introduces features that fully replace them:
- Endpoint Protection Accounts tab (all functionalities included elsewhere)
- Management - Collaboration protection views:
  - Organizations
  - Settings
  - Users view replaced earlier by Management / Organization settings / Security Administrators
  - Subscriptions view replaced earlier by Management / Subscriptions view
Further details can be found in the Community announcement: Upcoming: New Elements organization management features - WithSecure Community
New Mobile profile editor is now in Production
Improvements to the View Template Selector
The behavior of the View Template Selector in reports has been modified. It is now associated with the chosen scope selector, rather than being tied to the logged-in user account.
As an admin I would like to be able to copy the current view:
To copy any view:
- Select desired view.
- Press “Save as …”
- Enter a new unique name.
- Press “Save”.
As an admin I would like to copy the view to company’s organization views section:
Create a view in the partners view (aka SOP view).
- Follow the four steps from the example above.
- In the scope selector select a desired company. (Important!)
- In the view template selector, choose a view that needs to be moved to a particular organization/company.
From the three-dot menu select “Move To Organization”, provide a new name if needed and save.
Other items of interest
Threat Advisory: January
Advisory - Git Clone2leak credentials
Technical Summary
Git is a popular version control system used for managing and collaboratively contributing to programming projects. A security researcher has disclosed vulnerabilities in Git components that could be abused to leak credentials of software developers who are using Git.
Due to mishandling of Git messages, an attacker could trick Git into leaking credentials when a user clones or interacts with a malicious code repo. The impacted components of Git are:
- GitHub Desktop and Git Credential Manager, where misinterpreting a carriage return “\r” character allows credentials to be sent to an attacker-controlled server (CVE-2025-23040 / CVE-2024-50338).
- Git LFS, where mishandling of a newline “\n” character allows an attacker to have credentials sent to a malicious server (CVE-2024-53263).
- GitHub CLI and GitHub Codespaces, where permissive credential helpers allow an attacker to steal authentication tokens by tricking a user into cloning a repo (CVE-2024-53858).
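A defensive check for the carriage return and newline mishandling described above, as an added example that is not WithSecure's or the Git project's code: it rejects remote URLs carrying raw or percent-encoded control characters and parses credential-helper input strictly. It assumes the key=value line format documented in git-credential(1); the function names and sample values are constructed for illustration.

```python
from urllib.parse import unquote

# CR and LF delimit protocol lines and NUL truncates C strings, so none of
# them may appear inside a remote URL or a credential field.
FORBIDDEN = ("\r", "\n", "\0")


def url_is_safe(url: str) -> bool:
    """Reject URLs carrying raw or percent-encoded CR, LF or NUL."""
    decoded = unquote(url)
    return not any(ch in url or ch in decoded for ch in FORBIDDEN)


def parse_credential_request(raw: bytes) -> dict:
    """Strictly parse key=value lines (format per git-credential(1)).

    Lines end with LF only. A CR anywhere is an error; it is never treated
    as a line ending and never silently stripped.
    """
    fields = {}
    for line in raw.decode("utf-8").split("\n"):
        if line == "":
            break  # a blank line terminates the request
        if "\r" in line or "\0" in line:
            raise ValueError("control character in credential field")
        key, sep, value = line.partition("=")
        if not sep or not key:
            raise ValueError("malformed line: expected key=value")
        fields[key] = value
    return fields


def is_valid_request(raw: bytes) -> bool:
    """True when the request parses cleanly, False when it is rejected."""
    try:
        parse_credential_request(raw)
        return True
    except ValueError:  # also covers UnicodeDecodeError
        return False


# Constructed sample inputs (example.invalid is a reserved test domain).
SAMPLE_URLS = [
    "https://example.invalid/team/repo.git",
    "https://example.invalid/team/repo%0d.git",
    "https://example.invalid/team/a%0Ab.git",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print("ok    " if url_is_safe(u) else "REJECT", repr(u))
```

The same URL check can be run over the remote and submodule URLs of a repository before it is cloned on a developer workstation or build agent.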
You can sign up to receive the monthly Threat Reports, with full details of these threats.
In case you missed it
Enhanced Device Isolation Capabilities for XDR
We recently introduced enhanced Device Isolation capabilities for XDR. You can find out more in the dedicated article.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via the Ideas section of the WithSecure Community, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center