Monthly Release Notes - September 2023


CCSS


QMessage Monitor

Version 9.01

September 5, 2023

Enhancements
  • Incorporated an interface to allow integration with ServiceNow's REST API.

  • All copyright statements match Fortra branding.

  • Renamed Mm32.exe to Console.exe to accurately reflect its purpose. Versions of the old executable should be deleted.

  • Renamed SysMaint.exe to Maintenance.exe to accurately reflect its purpose. Versions of the old executable should be deleted.

  • Incorporated LoadLicense module into the SYSMAINT module, to match Robot Monitor.

  • Updated license agreement.

  • Updated license key style.

  • Updated style of Console and Maintenance graphical user interfaces. Updated Help text to match.

  • Included new Audit Journal codes introduced with IBM i 7.4.

  • Included Audit Journal codes introduced with IBM i 7.5.

Fixes
  • Fixed issue with MMAUDJRN queue stuck in 'Starting' status.

  • In certain circumstances with MMAUDJRN filters, if a message ID had an exclude 'E', and then was changed to an include 'I', an entry was not correctly created for the include 'I' when a relevant message was generated. This issue has been fixed.

  • PC to host partition communications are now encrypted.

  • The Work with Job function within QMessage Monitor does not work with Access Client Solutions (ACS).


Cobalt Strike


Cobalt Strike

Version: 4.9

September 19, 2023

New Features
  • Authorization files are no longer backwards compatible.

  • Changed Post-Ex DLLs to use prepended loaders (sRDI/Double Pulsar).

    • Implemented in browserpivot, hashdump, invokeassembly, keylogger, mimikatz, netview, portscan, powershell, screenshot, and sshagent.

    • Added Aggressor hooks for applying UDRLs to post-ex DLLs (POSTEX_RDLL_GENERATE).

    • Added support for transform.strrep to post-ex DLL Processing.

    • Added post-ex.cleanup malleable C2 profile property.

    • Added smart-inject pointers to the POSTEX_RDLL_GENERATE hook.

  • Added Beacon without the exported ReflectiveLoader function to support the prepended UDRLs (sRDI/Double Pulsar).

    • The BEACON_RDLL_SIZE function default changed from 0 to 5k.

    • When the BEACON_RDLL_SIZE returns 0, then a Beacon without the reflective loader is passed to BEACON_RDLL_GENERATE and BEACON_RDLL_GENERATE_LOCAL hooks.

  • Added Beacon User Data to pass user specified information via UDRL.

    • Added support for syscall functions addresses/numbers.

    • Added a user specified field to Beacon User Data.

    • Added BOF API function to get the pointer to the user data.

  • Added data-store command to store BOFs and .NET assemblies in the beacon Data Store.

    • Added the aggressor script functions for supporting the beacon Data Store.

    • Added BOF API functions to access and protect stored items in the beacon Data Store.

  • Support spawning processes under the impersonated user security context.

  • Added DuplicateHandle, ReadProcessMemory, and WriteProcessMemory system calls in beacon.

  • Added Malleable C2 Profile definition of Host Profiles to customize the uri, header, and parameter attributes of the HTTP(S) get/post to be host specific and dynamic.

  • Added callback support to aggressor script functions: bnet, beacon_inline_execute, binline_execute, bdllspawn, bexecute_assembly, bhashdump, bmimikatz, bmimikatz_small, bportscan, bpowerpick, bpowershell, and bpsinject.

  • Added support for a HTTP(S) beacon based on the WinHTTP library.

    • Added .http-beacon.library Malleable C2 setting to specify the default beacon http library type (wininet|winhttp).

  • Added aggressor script support for sending/receiving data between clients.

  • Added BOF APIs to access the key/value store in beacon.

  • Added BOF API to retrieve the sleep mask information.

  • Added Malleable C2 sleep setting to match the sleep command syntax.

Fixes
  • Fixed Malleable C2 strrep setting issues with sleep mask BOF.

  • Fixed Malleable C2 headers_remove setting.

  • Fixed an issue where the Malleable C2 http-config.headers setting with the Content-Type option added a "Content-Type: null" header.

  • Fixed c2lint syntax highlighting when data jitter and append are used.

  • Fixed steal_token command to open a process that is protected.


Digital Guardian

Agent for Linux

Version: 7.4.0

September 1, 2023

New Features
  • File Capture to Network Storage

Note: This feature requires a subscription to DG Analytics & Reporting Cloud (DG ARC) and is enabled only after a successful connection to DG ARC is established from the DGMC.

This release includes the ability to capture files to network storage. For instructions on how to configure and use this feature, refer to "Capturing Files to Network Storage" in Digital Guardian Management Console User's Guide and "DG File Extractor Utility" in Digital Guardian Utilities Guide.

Enhancements
  • OpenText Autonomy Upgraded to Version 12.9

The Agent now uses OpenText (formerly Micro Focus) Autonomy 12.9 to support content inspection. The enhancement brings the Agent to parity with Agent for Windows.

  • Enhanced Operation for WIP Auto-Skip Feature

The WIP Auto-Skip feature on Agent for Linux now functions the same way as on Agent for Windows. Refer to “DG WIP Auto-Skip Feature” in Digital Guardian Installation and Upgrade Guide.

Fixes

There are no resolved customer-reported issues in this release.

Analytics & Reporting Cloud

Version: 4.5.0

September 6, 2023

New Features
  • Added Download Attachments Option on Incident Details Workspace

When you are working with one or more incidents in the Incident Details WS, you can now download the files attached to the incidents. The Download Attachments option downloads the files as a ZIP archive to a location you specify.

  • Added a <Repeat> XML Tag Option for Email Templates

To provide more flexibility in email templates, a new Repeat option is available when you create or edit an email template. Clicking Repeat adds the <repeat> </repeat> XML tags to the subject line or body of the template. Adding the tags allows the template to return variables, such as source file name, for multiple incidents in the email automatically.

Enhancements
  • Reconfigured the Incident Details Workspace

To ease using the Incident Details Workspace to investigate and analyze events, updated the organization and content to provide more direct access to information about the incident, including the ability to download files attached to the incident.

Fixes
  • Resolved an issue where the Insights Workspace does not display the central graph when there is a large number of classified files reported.

  • Resolved an issue where the intended recipients do not receive detection rule email alerts when the alert email uses a customer’s custom email template.

  • Resolved a problem in a customer’s enterprise where they were seeing computers in reported events that were missing policy names, and some alarm names reported as unknown, on the details pane for an event.

  • Resolved an issue where a customer found that a filter to exclude certain events by Policy Name unexpectedly excluded events that did not involve rule violations.

  • Resolved an issue where the columns in the tables on the Incident Details workspace displayed a sort indicator arrow where sorting is not supported.

Version: 4.4.0

August 26, 2023

Features

There are no new features in this release.

Enhancements

This is a maintenance release. It includes enhancements for stability, usability and performance.

Fixes

This release does not include any fixes for customer-reported problems.


Agent for Windows

Version: 7.9.3

Sep, 2023

Fixes
  • A BSOD with bugcheck "ATTEMPTED_SWITCH_FROM_DPC (b8)" was seen when the agent displayed prompts on some network events. However, this issue has now been resolved. problem arose because DGWIP was initiating buffer inspections for all logs and diagnostics that Google uploaded to their servers. This issue has been resolved now by identifying the URLs associated with these buffer uploads and excluding them from buffer inspection.

  • During the installation or upgrade of DGAgent, certain agent DLL files undergo ACL/access permissions updates. Previously, this process encountered issues on systems with a non en-US foreign language locale set for display language and for the Windows welcome screen. However, this problem has now been resolved.

  • When a system allows multiple users to log in, there is a scenario where the DGAgent will attempt Content Inspection on a file using incorrect access permissions. This issue has been resolved now.

  • A customer encountered an issue while using a web browser and attempting to print a network-based file (i.e., a file with a URL starting with https://). They noticed that when using the "Microsoft Print to PDF" printer option, the printed file's size was reported as 0 bytes in the Print Event on the DGMC's Local Forensic page. As a result, any rule utilizing the DG_CaptureFile function failed to capture the file due to its zero length.

    To resolve this issue, a fix has been implemented in the DGAgent. However, it is necessary for the customer to define a specific rule for cases involving the USER_FILE_PRINT event, where they intend to have DG_FileCapture capture the file when the selected printer type is "Microsoft Print to PDF." For this particular rule, the "Run Rule after operation" setting must be configured as "YES."

  • The problem of customers encountering a crash dump while closing PowerPoint or Microsoft Project has now been successfully resolved.

  • A customer cut text from a file that has a permanent classification tag and then closed that file. Minutes later, the customer opened a new file for editing, pasted the text taken from the first file, then cut that pasted text and pasted it into yet another new file. When the final file was saved and the customer used DGCIApp.exe to inspect the linked Alternate Data Stream (ADS), the anticipated permanent tag was not present. The DGAgent has been fixed so that the tag is now present.

nDLP Appliance

Version: 11.9

October, 2023

New Features
  • In release version 11.9, a new system log category called "Incident Activity" has been introduced. This category records any actions taken on an incident, such as viewing, viewing the original file, or downloading it. Each logged incident activity includes the name of the administrator who performed the action.

  • The ARC user interface now provides extra details regarding email senders. To access this additional information for email events, it's necessary to configure the Appliance manager instance with LDAP integration.

  • The appliance has been upgraded to incorporate Microsoft Purview/MIP SDK version 1.13.

  • nDLP Appliance release version 11.9 has implemented new-age cryptographic algorithms for its internal communication and data management. All system-wide credentials will now be stored using the Argon2 algorithm, renowned for its exceptional security and resistance to tampering.

  • With the introduction of this new feature in release version 11.9, the Appliance now offers seamless support for LDAP users registered within LDAP groups. Administrators can grant access to LDAP users by registering LDAP groups in the Appliance Administrator settings and assigning them the appropriate roles. Once an LDAP group is registered, the Appliance enables all users within that group to log in and access resources based on their assigned roles.


Document Management (RJS)


SignHere

Version: 1.7.1

September 14, 2023

New Features
  • Added feature to allow multiple file filters to be defined, each with their own set of predefined annotation locations.

  • Added date, time, and user auto population to all annotation types.

Enhancements
  • Updated Annotation definition Load/Save process adding error handling and logging.


GoAnywhere


GoAnywhere MFT

Version 7.3.1

September 25, 2023

Enhancements
  • Enhanced the efficiency of the query for Recent Completed Jobs Dashboard Gadget and Rest API Endpoint.

  • Enhanced the efficiency of the query for Unresolved Jobs Dashboard Gadget and Rest API Endpoint.

  • Added a 'Sign In With SAML SSO' button to Web Client login page when Force IdP is enabled on the listener.

  • Added the ability to allocate more memory to the JVM for Docker instances.

  • Removed unnecessary logging when viewing completed jobs from a deleted project folder.

Updates
  • Updated Guava from 31.1-jre to 32.1.2-jre.

Fixes
  • Fixed an issue with the Service Level Agreement condition not registering as being met in a clustered environment.

  • Fixed an issue where jobs that were canceled during shutdown of the application would not be included for Unresolved Jobs Gadget and Rest API Endpoint.

  • Fixed an issue preventing new web user passwords from being emailed when created through GACMD.

  • Fixed an issue in the Export Certificate Keys API that prevented certificate keys residing in the System key vault from being exported.

  • Fixed an issue that prevented MQ tasks from working when submitted to batch.

  • Fixed an issue with the ICAP client which caused ICAP connections with certain ICAP servers to hang.

  • Fixed an issue that caused upgrades to fail if the default brand was deleted.

GoAnywhere Agents

Version 2.1.2

September 25, 2023

Updates
  • Updated the IPWorks license in Agents.

  • Added the gateway-client jar to fix an issue with proxied resource connections.

Open PGP Studio

Version 1.2.2

September 11, 2023

Updates
  • Updated installer to reference 'Fortra' instead of 'HelpSystems.' This includes the default installation directory.

  • Updated installer and uninstaller logos to display Fortra branding.

  • Updated application branding to display Fortra instead of HelpSystems.

  • Updated license agreement.

  • Upgraded Java from 17.0.3 to 17.0.8+7.

  • Updated Bouncy Castle libraries from version 1.0.5 to 1.0.7.1.

  • Removed unused JCE policy files.


Halcyon


Exit Point Manager

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.

HA-MX Monitor

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.

Level 1 Message Management Suite

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.

Level 2 Systems Operations Suite

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.

Level 3 Advanced Automation Suite

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.

Level 4 Operations Center Suite

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.

MQ Manager

Version 7.0

September 14, 2023

(PTF: 2023.109.1)

NOTE: This release is only compatible with IBM i 7.2 and above.
Fixes
  • Hold Rule (HLDRULE) and Release Rule (RLSRULE) Actions no longer error.


IBM Partnership


Backup, Recovery, and Media Services (BRMS)

Version: PTF 7.5 SI84133, 7.4 SI84132, 7.3 SI84131

September 7, 2023

Enhancements

In version 7.5:

  • BRMS introduces a new SQL service for BRMS functional authority user administration support. See the BRMS wiki for more information at https://ibm.biz/brms-enhancements.

In versions 7.3 and later:

  • BRMS has been enhanced to support the new 3592-70F tape drive with *FMT3592A7 and *FMT3592A7E densities.

Fixes

In version 7.3 and later:

  • Fixed an issue where FlashCopy timestamps were not applied to DLO backups, causing the recovery report to not include the latest backup of library QUSRBRM.

 


JAMS


Version: 7.6.1

September 19, 2023

Fixes
  • Desktop Client
    • Resolved an issue with the Unzip option when transferring a file.
    • Resolved an issue where the SQL Query Sequence Task may run twice in a Sequence Job.
    • Resolved an issue where the Oracle Query Sequence Task was executing twice at runtime.
  • PowerShell
    • Resolved an issue where the JAMS PowerShell module displayed the incorrect version number after an upgrade.
  • Scheduler
    • Resolved an issue where releasing an entry from prerequisites initiated by another entry could result in the JAMS Scheduler reporting SQL transaction errors.
    • Resolved an issue that may occur when the number of Jobs per day for the license or for the tenant configuration is exceeded.
    • Resolved an issue where Runaway or Stalled Events may cause the JAMS Scheduler to become unresponsive.
    • Resolved an issue that could cause the JAMS Scheduler to fail if it exceeded 2GB of memory.


Outflank Security Tooling (OST)


Outflank

6 September 2023
Knowledge Sharing
  • Added Tech Deep Dive video on Stage 1 automation
  • Added Tech Deep Dive video on Windows Kernel Drivers


Powertech


BoKS Manager

Version 8.1 (version update)

September 11, 2023

Server s-8.1.0.6
New Features
  • New options have been made available in cadm to fetch version numbers for BoKS packages.

  • A new ‘update-hash’ flag has been added within ‘boksrule –modify’ to re-calculate the hash value.

Fixes
  • The adsync.pl script no longer fails if any variable contains a space.

  • The adsync.pl script no longer fails with an “Unknown argument ‘S’ for ‘-D’ option” error.

  • Using the wildcard search function in the database index no longer generates erroneous results.

  • A race condition in the brproxymd process modifying the list of Replicas resulting in high CPU usage on the master has been fixed.

  • An incorrect Access Rule hash when restoring boks_bru backups from pre-8.0 versions has been fixed.

  • Password Manager no longer generates passwords of incorrect length.

Client c-8.1.0.10
New Features
  • Sudo -E and --preserve-env=list support has been added.

  • New options have been made available in cadm to fetch version numbers for BoKS packages.

Fixes
  • Uninstalling rpm on AIX now prints warnings about failing to remove system directories.

  • Installing rpm on AIX now prints warnings about failing "ln" commands.

  • BoKS boot speed when working with SELinux and multiple log files has been improved.


Titus


TCS for Google Workspace

Version 2023.05 HF2

September 15, 2023

Fixes
  • Fixed issue with the Classification Selector icon not appearing in Google Calendar, Docs, Drive, Sheets, and Slides.

TCS for Google Workspace (on-premises)

Version 2020.0 SP1 HF11

September 7, 2023

Fixes
  • Fixed issue with the Classification Selector icon not appearing in Google Calendar, Docs, Drive, Sheets, and Slides.


Vera


Version 3.22.5

September 2023

Fixes
  • (Vera SDK) Updated the Vera SDK with the newer and stable Curl 8.0.1 library to consume all recent changes and bug fixes made available in Curl.

Version 3.22.4

September 2023

Fixes
  • (SaaS) Made enhancements to the AD validation query.

  • (Windows Client) Fixed an issue where, even if the Copy/Paste object was set to "Don't Allow" in the policy settings, the feature (Copy/Paste object) was still available in the Edit mode of Nitro Pro PDF.

  • (Windows Client) Fixed an issue where the Vera watermark was not clearly visible when using Nitro PDF.

  • (Windows Client) Fixed an issue where a secured Outlook attachment and Office file were saved as an unsecured file with the recent Office builds.
