Copyright

© 2021 Outpost24® All rights reserved.

This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Release Date: 2021-03-30

Version: G4.25.13.0


New Features

NetSec

  • Added Farsight threat intelligence as a source to enrich the vulnerability exploit available.  From this release you will see additional vulnerabilities being flagged as having exploits available at no additional cost to your organization. In addition, all vulnerabilities have been assessed against the Farsight threat intelligence feed and additional links to the exploit information have been added, and will be visible for Farsight customers.
  • We are pleased to announce the availability of a beta version of the agent for MacOS running on intel platforms.  If you are interested in using this please contact your sales representative in the first instance.

Farsight

  • Added a new column 'Threat Activity' - this provides an indication as to when the Farsight threat intelligence model saw activity of note in the threat community relating to this vulnerability. Customers can use to it create a risk model that takes into account the age of the last seen threat activity to allow a focus on more recent vulnerabilities of interest, for example, lowering the risk of vulnerabilities where threat activity is greater than 90 days old. However, we caution customers against ignoring these vulnerabilities completely, especially where known exploits exist and are present on exposed assets. For more information please see the Farsight documentation in the Knowledge base.
  • Added exploit links to the exploit available information on a vulnerability taken from the Farsight threat intelligence feed. These links will only appear for customers with an active Farsight subscription.
  • General improvements to the performance of the Farsight integrations have been made.  

CIS Compliance

  • Released a new policy for CIS Microsoft Windows 10 Enterprise Release 20H2.

Bug Fixes and Minor Improvements

NetSec

  • Fixed a bug that could cause rare URL loop on the login form when an account timeout occurred.
  • Fixed a bug on HIAB that could prevent all associated scan, schedule and target data being deleted when an account was removed as opposed to performing a full reset.
  • Fixed an issue where performing a DNS lookup on an already added target was not returning any results.
  • Fixed an issue with SAML SSO that erroneously used SHA-1 as part of the encryption process. 
  • Fixed an issue with agents that caused an unexpected number of results to be returned during discovery.
  • Added detection for MobileIron.
  • Added detection for the Accellion FTA products.
  • Added detection for the Telerik UI for ASP.NET AJAX.
  • Added detection for the Symantec Messaging Gateway.
  • Added detection for Draytek Vigor.

AppSec

  • Fixed a rare bug that caused duplicate Appsec Scale scans to be triggered immediately after a schedule scan had finished.