Monthly Release Notes - March 2023
Cobalt Strike
Cobalt Strike
Version: 4.8
March 7, 2023
New Features
- Added support for beacon to use system calls.
- Added new Malleable C2 profile setting stage.syscall_method to set the default system calls method.
- Added support for picking the system call method at payload generation time.
- Added support for system calls within sleepmask kit.
- Added beacon command (syscall-method) to change the syscall method used at runtime.
- Added patching support to powerpick (bpowerpick) and execute-assembly (bexecute-assembly) for ETW blinding, etc.
- Added support for beacon guardrails (IP address, user name, server, and domain).
- Added token store to allow hot swapping of tokens.
- Added script ('clearteamserverdata') to help reset team server.
- Added exit function support to Windows Executable Stageless dialog.
- Added support to chain multiple commands in a single Mimikatz call.
- Added support to copy/paste from beacon output pane.
- Added warning dialog to Spear-Phishing process.
Enhancements
- Updated Sleep Mask size limit from 8192 to 16384 bytes.
- Updated 'pth' command to accept a username with spaces in it.
- Updated teamserver to check authorization expiration daily.
- Updated stage.obfuscate malleable C2 option to use more robust encryption.
- Display current token in the UI.
- Make setting sleeptime more flexible (support seconds, minutes, hours, and days).
- Synchronize teamserver data during startup (screenshots, keylogs, downloads, and hosted items).
- Store screenshot and keylogging data on teamserver for subsequent syncing.
- Allow deleting of downloaded files.
- Updated Mimikatz to version 2.2.0 20220919.
- Rebranded Cobalt Strike parent company from HelpSystems to Fortra.
- Change default naming convention on payload generation dialogs to include bitness (_x86/_x64).
- Miscellaneous Java dependency updates for security.
Fixes
- Fixed typo in Generate All Payloads dialog.
- Fixed Pivot beacons not showing as connected after reconnecting.
- Fixed unresponsive DNS beacons after a teamserver restart.
Document Management (RJS)
DeliverNow
Version: 1.2.19
March 9, 2023
New Features
- Added PDF Compressor output option.
- Added ability to send test emails from administrative interface.
Enhancements
- Added additional configuration settings for TLS and expanded the logging to include an option to generate a full report of mail server communication.
GoAnywhere
GoAnywhere MFT
Version 7.1.3
March 9, 2023
Enhancements
- Updated the Fortra License agreement.
- Updated the SFTP client to be compliant with RFC-4253.
- Updated attributions file.
Fixes
- Fixed an issue that prevented queued jobs from being processed if a queued job was restricted to a specific system and that system was down or the system was up, but the name had changed.
- Fixed an issue that occurred when attempting to view audit log details from the Trigger Log page.
- Fixed an issue where users were unable to log in or save an edited user due to a resource being used as a WebDocs directory.
- Fixed an issue in Resource Change History that prevented changes from being audited.
- Fixed an issue involving Web User default secure mail password.
- Fixed an issue where SAML authentication was mishandling newline characters.
- Fixed an issue with the GoAnywhere upgrader where the embedded Derby database would fail to upgrade when upgrading GoAnywhere from a version before 6.3.0.
- Fixed an issue where the database connection pool was not respecting configured values related to pool size.
GoAnywhere Gateway
Version 3.0.1
March 7, 2023
- Updated the attributions file for Fortra rebranding.
- Updated the GoAnywhere Gateway license agreement for Fortra rebranding.
- Added configurable trust settings.
- Fixed an issue with license responses.
Outlook Plugin
Version 3.3.0
March 14, 2023
- Added the ability for users to use GoAnywhere Mail Templates from Outlook plugin.
- Added multilingual support in the Outlook plugin. The plugin currently supports English, Spanish, German, French, Japanese, Chinese, Danish, Dutch, Hungarian, Italian, Indonesian and Portuguese.
Halcyon
Network Server Suite
Version 11.3
March 9, 2023
New Features
- Enterprise Console: Users can now reset their status when they log on after their connection terminated unexpectedly.
- Enterprise Console: A new section has been added to Device Manager to allow SNMPv3 Users to be maintained.
- Windows 11 is fully supported.
Enhancements
- Enterprise Console: The total number of alerts and actions can now be viewed within Enterprise Server Options.
- Enterprise Console: Users can now view archived alerts which were written to *.eca files in previous versions of the software.
- Enterprise Console: The Device Manager user interface has been modernized.
- Enterprise Console: Several redundant SNMP properties have been removed from Device Manager.
- Enterprise Console: Two new buttons have been added to the device filtering selection when viewing closed alerts to enhance device selection.
- Enterprise Console: The default connection timeouts within Device Manager have been decreased to thirty seconds.
- Enterprise Console: Generic failed login messages are now displayed within the Enterprise Console.
- CCM: A new JAMS template has been added to the default set of templates.
- CCM: The new VIOS Monitoring v2.0 template has been added to the default templates file (Default.csf). On a new install, the template will be listed underneath the AIX templates group. For upgrades, the templates might need to be imported for it to be displayed.
- NSS: The NSS Trap Receiver has been enhanced to support SNMP v3.
- Windows Agent: Windows agents can now continuously monitor for up to 48 hours if there are connection issues to CCM.
- Unix Agent: UNIX agents will now continue monitoring for up to 48 hours without confirmation from CCM that they are still authorized to run.
Fixes
- Enterprise Console: The content of Instant Alert message actions will no longer revert to the default settings when the service restarts.
- Enterprise Console: Emails are no longer duplicated when you have a message type of 'Default' as well as 'Email' selected on an Instant Alert Message action.
- Enterprise Console: Sending an ad hoc email from the client now includes alert comments.
- Enterprise Console: An issue where false positive Ping Monitor failures were sent to Windows servers after upgrading from version 10.3 has been resolved.
- Enterprise Console: Messages written to the ActionMonitor.hlf file, for command actions, now have substitution variables resolved as expected, if used.
- CCM: Fixed the issue "Error Retrieving SystemUpTime Integer Value From ServerData" when adding a CPU, Filesystem and Memory criteria within Linux agents.
- CCM: The ability to test criteria for Unix agents from CCM has been reinstated.
- CCM: Following an update to software components, a fix has been applied to convert milliseconds to seconds when executing TCP criteria for Windows agents.
- NSS: The NSS installer can now be launched directly from a root directory.
- Windows Agent: Auto-closing of alerts in the Windows agent was sometimes delayed. This has been fixed.
- Windows Agent: The NSS Windows Agent installer no longer interacts with the Restart Manager to prevent the 'Files In Use' dialog from displaying a long list of unrelated applications.
- Unix Agent: Fixed an issue within Unix agents with malformed reporting records, allowing Advanced Reporting Suite to seamlessly collect this data.
- Unix Agent: The NSS Unix Agent's Log File monitor has been enhanced to handle log file entries with special characters to avoid reading errors such as "utf-8 codec can’t decode byte 0xc3".
- AIX Agent: Multiple criteria now load correctly for the AIX Error Report monitor.
- AIX Agent: The NSS AIX Agent has been updated to ignore connections from port scanner applications.
- Linux Agent: Since version 11.2 the Linux version of HALUSM has interrogated the process table at the thread level. This meant that a very small number of applications which assigned threads names with embedded spaces could trigger parsing errors. From version 11.3, HALUSM is more robust against this behavior in its interrogation of the process table content.
- Linux Agent: A fix to the parsing of facility specifiers for syslog (for example the argument to the "-s" option) means that they are now interpreted as intended, even if specified in lower case or with the "LOG_" prefix missing.
Task Supervisor
Version 4.3
March 9, 2023
New Features
- Users are now able to delete Owners, Resources, Schedules and Ad Hoc Schedules. A second confirmation message will be displayed prior to deleting all data relating to the record being deleted.
- The Task Supervisor web site has been enhanced to use the https protocol.
- Windows 11 is fully supported.
Enhancements
- Transport Layer Security (TLS) 1.2 support has been added to the installer for connections to Microsoft SQL Server.
- A security update has been actioned to prevent Cross-Site Scripting (XSS) attacks.
- A security update has been actioned to show generic failed login messages.
- The web application has been enhanced to prevent cross-site request forgery.
- The filtering on the Scheduled Tasks page has been enhanced.
- The SMTP Components used to send email messages have been updated and now support SSL/TLS.
- Password recovery now uses generic messages.
- The web application has been updated to target .NET Framework 4.6.2 which addresses security vulnerabilities.
Fixes
- Fixed an issue with minute recurring scheduled tasks failing to take daylight savings into account.
- Fixed an issue with date selection jumping when viewing scheduled tasks.
- The "Tasks Outstanding" report no longer includes minute recurring tasks that were deleted.
- Fixed an issue when adding a new task if the first group has no schedules defined.
- The Task Supervisor installer can now be launched directly from a root directory.
Code Uploader
Version 11.3
March 9, 2023
Fixes
- Fixed timeout issues reported against license codes that were correctly applied on the IBM i.
IBM Partnership
Backup, Recovery, and Media Services (BRMS)
Version: PTF 7.5 SI82234, 7.4 SI82233, 7.3 SI82232
March 14, 2023
Enhancements
In version 7.3 and later:
- BRMS SQL services have been added for BRMS Networking, Maintenance Policy functions, and copy control group support. These new services give users SQL procedures to set up a BRMS network, control maintenance options run by control groups, and procedures to copy control groups. See the BRMS wiki for more information at BRMS Enhancements.
- The BRMS recovery report has been enhanced with attention block instructions to maintain the authority of customized output queues in library QUSRSYS during a disaster recovery.
- BRMS support for 3592-70F tape drives and media with new *FMT3592A7 and FMT3592A7E densities has been added.
- BRMS maintenance has been enhanced to clear unused fields in the BRMS media record.
- The BRMS shipped cloud lists named QCLDIPL, QCLDIPLDIR, and QCLDOMTUSR have been updated to support Digital Certificate Manager (DCM) environments. Any existing user entries in these lists will be cleared as these lists are rebuilt when the PTF is installed.
Fixes
In version 7.3 and later:
- Fixed an issue where RSTLIBBRM with SAVLIB(*RSTLST) ENDOPT(*UNLOAD) may not unload all the volumes when the restore list has a mixture of parallel and serial saved items.
- Fixed an issue where archive control groups using the same object list for multiple IASPs may not storage free the archived objects and report message MSGCPF2105.
- Corrected the message replacement text for MSGCPF9801, which may contain an extra '*' character.
- Fixed an issue where IASP FlashCopy support fails to synchronize the reference date and time information for IFS backups to the target system.
- Fixed a problem where using BRMS menu options to restore objects may incorrectly report message MSGCPF94FC.
JAMS
Version: 7.5.2
March 15, 2023
New Features
- Integrations
  - Added a new Execution Method to run Workflows in Automate Plus/Ultimate from JAMS.
Enhancements
- Desktop Client
  - Added support for searching for Execution Methods.
Fixes
- Agents
  - Improved the connection reliability to Agents under heavy load.
  - Resolved an issue where the AgentD state may be shown as Idle when authentication has failed.
- Desktop Client
  - Resolved an issue where a Sequence Job with a recurrence and a resource dependency may stay in Waiting for Resources state when the Resource quantity changed.
- PowerShell
  - Resolved an issue with Set-JFSLocation where it would send a file to the root folder.
  - Updated the Jobs based on the PowerShell Execution Methods to correctly load the SMO or SQL modules.
- Scheduler
  - Updated the initialization process for the JAMS Scheduler to prevent exceptions.
  - Updated the behavior of the concurrent Job limit detection to apply consistently in all scenarios.
Powertech
BoKS Manager
Version 8.1 (version update)
March 20, 2023
New Features
- Added a new access method, SUDOLISTOTHERS, and provided support for listing other users' sudo permissions on a host.
Enhancements
- OpenSSL library upgraded to 1.1.1t.
Fixes
- A fix has been applied to allow groupadm to modify the modification comment.
- Fixed an issue where the chroot setting didn't work in access rules for SSH subsystems (for example, SFTP) when using privilege separation in boks_sshd.
- Fixed a security issue when kslog is enabled for BoKS SSH.
Powertech Antivirus for IBM i
Version 8.09
March 3, 2023
Enhancements
- Anti-Ransomware Protection now supports exit program integration, allowing the use of multiple exit programs for file servers.
- Improved the anti-ransomware functionality to detect ransomware attacks if the ransomware additionally encodes files with Base64 encoding after encrypting them.
- Improved anti-ransomware messaging to include the IP address of systems causing suspicious activity.
- Separated the user block/unblock functionality from "Work with User Overrides" menu option and corresponding command into a separate "Work with Blocked Users" menu option and AVWRKBLK command.
- Functionality corresponding to the WGET utility is now shipped with the product. Users no longer need to install the open-source WGET utility to download DAT updates via HTTP or HTTPS.
Updates
- Renamed file-access-and-encryption pattern detection mechanism to 'APEX' (Access Pattern and Encryption Activity Extended Detection).
- Updated the anti-ransomware menu options to better represent the functions of each option.
Fixes
- Fixed an issue where the anti-ransomware was not triggered for canary files that were located in the root directory of the IFS.
- Fixed an issue where changing the on-access scan setting from *OPEN to *OPNCLO caused an error.
- Fixed an issue that could cause the product to not function if both valid and invalid license keys were entered.
Robot
Robot Monitor
Version 15.02
March 8, 2022
Enhancements
- Assure MIMIX 10 monitors are now included in the GUI software.
- Created a new job, MONDMMX2R, to collect data for the new Assure MIMIX 10 monitors.
Fixes
- Fixed minor threshold issue for Default Threshold for MQ Queue Depth. The “Replace all values with defaults” button can be used to fix an existing threshold.
- Added an ASP Group parameter to the User Data Collection Job screen.
Sequel
Sequel Data Warehouse Client
Version: 8.3.2902
March 16, 2023
Fixes
- Fix for handling of rule properties where an External Call is bypassed.
- Fix for validation of Boolean parameter in User-defined Function creation.
- Correction to Data Set name validation in certain circumstances.
Sequel Data Warehouse Server
Version: 8.3.03
March 16, 2023
Fixes
- Extract error report did not always list date conversion errors correctly. See Note 2.
- Correction to Group Export for Scripts when Export Groups are linked to Projects.
- Correction to extract program generation where multiple run-time parameters are used in SQL select predicate. See Note 2.
TeamQuest
Administration Console
Version 11.4.5
March 7, 2023
Enhancements
- Upgrade Administration Console to Apache HTTP version 2.4.55.
Automated Analytics
Version 11.3.32
March 7, 2023
Enhancements
- Upgrade Automated Analytics to Tomcat 8.5.84.
- Upgrade Automated Analytics to Groovy 3.0.14.
- TLS Support for Prometheus module in Automated Analytics.
- Replaced standalone Automated Analytics installer with RPM. See How to transition from Standalone Automated Analytics into the RPM version.
Fixes
- Automated Analytics TeamQuest module "Performance Monitor/Disk Summary/Used" metric for Windows no longer returns a SeriesArray instead of a Series.
TeamQuest Manager
Version 11.4.11
March 7, 2023
Enhancements
- Upgrade Manager to Apache HTTP version 2.4.55.
- Upgrade Manager to Postgres 13.9.
Vityl Monitor
Version 11.4.6
March 7, 2023
Enhancements
- Upgrade Vityl Monitor to Tomcat 8.5.84.