Release Notes July 2021

Release Date: 2021-07-29

Version: 4.29-16.0.el7

Important Notice for all HIAB Customers

Last year we changed the way we handle encryption of HIAB backups to increase security, speed and reliability. This has been implemented for encryption and decryption of current backups, however we have kept the legacy decryption function to support older backups.

HIAB Backups will have been using the new method since January 2021. If you have not performed a HIAB backup since January 2021, you should perform a backup to ensure that it can still be decrypted successfully if needed.

The legacy method of decryption will be removed in September 2021. If there is a potential issue with this, please contact Outpost24 Support.

New Features

Farsight 

• In addition to our normal 'Likelihood' risk rating (1 - 38.46) we have now added an alternative risk score - Farsight Risk that provides the customer with a 1-100 risk rating.  Where 1 is no risk and 100 is highest risk applicable to that vulnerability.  This new risk scoring will be available both in the OUTSCAN platform as well as the Portal UI.  Customers are free to use which ever scoring they feel appropriate for their needs but are encouraged not to mix and match.
• Added Farsight Delta to show the most recent deviation in the Farsight Risk score.
• Customers will now require the relevant license to enable Farsight for Container Inspection or Appsec Scale.  If you want to enable this, please contact your respective Account Manager for pricing information.

Cloudsec

• We are pleased to make container inspection generally available for all customers with a Cloudsec license. 

API

• Add findings/{id}/exploits endpoint to REST API
• The following Download Manager End points are now deprecated
  • Report
    • HEAD /reports
    • GET /reports
    • GET /reports/ {key: [-a-f0-9]+}
    • DELETE /reports/ {key: [-a-f0-9]+}
  • Blueprint
    • HEAD /blueprints
    • GET /blueprints
    • GET /blueprints/ {key: [-a-f0-9]+} - Get a blueprint cache entry and generate a token
    • DELETE /blueprints/ {key: [-a-f0-9]+}
  • Download
    • GET /downloads/ {token: [A-Za-z0-9-_.+/=] \{37,}+} - Download a file
• The following download manager end points should be used instead of the ones listed above
  • Download
    • HEAD /downloads
    • GET /downloads
    • GET /downloads/{key: [-a-f0-9]{32,36}} - Get a download cache entry and generate a token for downloading the file.
    • DELETE /downloads/ {key: [-a-f0-9]+}
    • GET /downloads/download// {token: [A-Za-z0-9-_.+/=]+} - Download a file

Detection

• Improved performance when starting scanless scans
• Higher scalability by storing managed reports to Object Storage
• Improved memory consumption
• Added service detection of the SCCP ("skinny") protocol
• Added detection of the FortiWeb administrator interface
• Added support for using "ss" on Linux in authenticated port scans
• Added detection of Netop Vision and Netop Vision Pro
• Added detection for the windows printnightmare CVE-2021-1675

• Added detection for PetitPotam NTLM Relay Attack

Agents

• Windows

• previous version: 1.10.0
• current version: 1.12.4

• Linux

• previous version: 1.10.0
• current version: 1.12.4

• MacOS

• pervious version: 1.9.9
• current version: 1.12.4
  
  

Note

We recommend all customers to update to the latest version of the agent. It contains bug fixes and other improvements.

Bug Fixes and Minor Improvements

• Fixed an issue with how time zone changes where being handled
• Improved reliability with agents with better load balancing and stopping scanning with stopped discovery
• Fixed an issue that would cause some findings to be duplicated, for example OpenSSH
• Fixed trend reports not showing correct rules
• Fixed Delta Excel export
• Fixed counting on amount of targets

• Fixed a bug in filtering when using several parameters for export report

• Fixed a bug preventing the risk factor from showing in the vulnerability database

• Fixed unaccept risk when scheduled to be accepted for a limited duration
• Fixed a bug that would cause exported, zipped reports to not have the .zip filetype, causing issues on unzipping the file
• Fixed an an issue preventing 'add found targets to target groups' check box appearing caused by the new scan discovery window being too small 

• Improved text alignment in SWAT executive summary

• Fixed a bug with excel reports that caused Farsight score showing 0 for exploits when multiple CVE's exist for check
• Fixed internal server error with API call
• Improved detection of PostgreSQL service detection
• Improved detection of, and behavior of rules on Windows 10 20H2
• Improved detection of targets' processor architecture
• Improved detection of the Daytime protocol
• Improved service fingerprinting of unreliable HTTP servers
• Several improvements related to performance, reliability and maintainability of the scanning engine
• Resolved bug where OpenSSH findings in rare cases would be duplicated
• Resolved bug where the default credentials check could occasionally fail on the SMB protocol
• Resolved bug where the incorrect VMware product could be set as installed
• Resolved bugs related to DNS Zone Transfer vulnerabilities 
• Resolved bug where some authenticated SSH commands would not run properly
• Resolved bug where unsafe CVE-2021-31166 check would not run properly
• Resolved a bug that prevented data sovereign agents deployed on windows from returning full scan results

_Copyright

_{© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.}

_Trademark

_{Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.}