Extended Detection and Response
Endpoint Protection
Elements Agent for Mobile update for iOS
We’ve updated the WithSecure Elements Mobile Protection app for iOS (version 25.5.11428) as of April 1, 2025.
It includes the following new features and improvements:
- The app now supports “Allow external DNS” setting
- Improvements to app stability
- Improvements to Safari Extension filtering algorithm
- The network now resets automatically when the DNS setting changes.
Endpoint Detection and Response
Elements EDR - Response views language support
Response views now support all languages available in the Elements Security Center:
- English (US)
- Finnish
- French
- German
- Italian
- Japanese
- Polish
- Portuguese (Brazil)
- Spanish (Latin America)
- Swedish
This enhancement ensures a more inclusive and accessible experience for our global user base.Here is an example of our French localization of Response views.
Exposure Management
We have released updates to Exposure Management with following changes:
- Two new Identity findings are introduced for Entra ID tenants by analyzing the user’s role assignments with corresponding recommendation to review privileged roles and their permissions:
Entra ID tenant has more than 5 global administrators
Entra ID tenant has more than 10 privileged roles
- Recommendation list page (Home => Exposure => Recommendation) has now a possibility to filter recommendations by status value. It is currenlly possible to filter only using one value. Multi-value filtering is coming. By default, list now filters recommendations having status Done.
- Previously, in Elements attack path simulation, MITRE TTPs were linked to the MITRE website, while WithSecure extensions were not linked anywhere. With this update, WithSecure TTP extension IDs in the UI now link to https://ti.withsecure.com, providing direct access to detailed information.
Exposure Management for Business
Exposure Management Portal
We have released an update to the Exposure Management portal, which includes the following changes:
- Resolved an issue in network scan and scan group configuration where the severity condition ignored critical vulnerabilities, preventing email notifications from being sent after a network scan was completed.
- Agent scanning will now be automatically enabled for new devices with Vulnerability Management or Exposure Management subscriptions as soon as they are installed. This means no user interaction is needed to start the scanning process. Devices with other subscriptions will require manual activation for scanning.
- Resolved an issue where user deletions were incomplete, causing access issues for new accounts created with the same email address.
- Resolved a potential vulnerability that could have led to unauthorized access to Scan Nodes.
- Resolved an issue where an insecure direct object references (IDOR) vulnerability in user permissions could lead to privilege escalation.
- Resolved an issue where email notifications from vulnerability scanning were not being sent.
System Scan
Support for detecting vulnerabilities in the following products was added to Authenticated Scanning:
- Absolute Secure Access
- Apache Camel
- Apache Commons VFS
- Dell SupportAssist OS Recovery
- Docusnap
- Duet Display
- Exasol JDBC Driver
- HPE Insight Remote Support
- JetBrains TeamCity
- MetaDefender Core
- MetaDefender ICAP Server
- MongoDB Shell (mongosh)
- Nakivo Backup & Replication
- Paragon Partition Manager
- Privilege Management for Windows
- Progress Telerik Fiddler
- RemotePC
- RustDesk
- SolarWinds Web Help Desk
In addition, the detections of Windows Cumulative updates have now been divided into families. Warning: This change may result in significant change of findings and numbers of CVEs related to Windows Cumulative Updates
Elements Foundations
Elements Security Center
Subscriptions View improvements
We’ve made performance enhancements and added prefix matching to the subscription key filter in the Subscriptions view:
- Subscriptions now load faster.
- Filtering by subscription key is quicker, especially for organizations with many subscriptions.
- You can now filter using a “Starts with” condition to match keys by prefix.
Other items of interest
Threat Advisories
Ruby vulnerabilities (SAML & GraphQL)
Technical Summary
Ruby is a programming language widely used in designing web-facing services and applications.
Recently published advisory contains three vulnerabilities that can be exploited remotely without user interaction. The vulnerabilities are:
CVE-2025-25291/ CVE-2025-25292 : Authentication bypass in the ruby-saml library. An attacker with access to a valid signed SAML document from an Identity Provider (IdP) could impersonate or authenticate as another user.
CVE-2025-27407: Remote code execution in the Ruby GraphQL library. An attacker could exploit this by transferring a maliciously-crafted project via the Direct Transfer feature.
Advisory – Oracle Cloud Compromise
Summary
Since Friday 21st March, Our Threat Intelligence team has been monitoring a claim that an exposed vulnerable Oracle cloud subdomain was compromised in a large supply chain attack impacting up to 140,000 victims.
Such claims (of varying magnitude) are relatively common across deep and dark web forums and social media. By looking at the reputation and “reliability” of the threat actor, evaluating what limited data or information the offending actor may have shared about the breach as proof of veracity and what statements the victim company has made help us to pass assessment on the legitimacy of the claims posed by the threat actor.
You can sign up to receive the monthly Threat Reports, with full details of these threats.
In case you missed it
We will soon be removing some older Organization Management screens in Elements Security Center. You can find out more in the dedicated community article.
Share your ideas with us
Our purpose is to co-secure the world with you – now as WithSecure™. To co-create the best possible cyber security products and services, we warmly recommend you share your ideas via the Ideas section of the WithSecure Community, now accessible directly from WithSecure™ Elements Security Center.
Further information
Changelogs and Release Notes for all parts of WithSecure™ Elements can be found at the Help Center
