UpGuard Release Notes

Learn about new features, changes, and improvements to UpGuard.
February 2023
Additional risks for domain hijacking

Annie Luu
February 15, 2023

We have added additional risks for domains at risk of hijacking. In addition to existing checks for websites that can be taken over, we have now added detection for expired domains in MX records, which could be registered to compromise email security.

To learn more see How does UpGuard detect sites at risk of subdomain takeover?

Add sorting to competitor analysis in BreachSight 

In the BreachSight Executive Summary, you can now sort the Competitor Analysis panel by name or score to more easily understand how your organization compares to peers.

Improved risk detection for primary domains 

When the example.com and www.example.com versions of a site are different, the risks associated with each version of the site are more accurately reported.

Other improvements

  • Risk detection for Microsoft Exchange now uses the full build version for more accurate detection and resolution of vulnerabilities.
  • Risks are now raised for domains that serve publicly listable cloud storage buckets. Buckets should be configured not to allow public file listing to prevent potential data leaks. 
  • We have exempted more risks specific to Microsoft domains. Generally these risks pertain to SSL/TLS issues that do not appear exploitable and that the domain owners are not able to resolve. 
  • Account administrators can now enforce MFA logins for all users in the account, without having to contact UpGuard support. This feature is available through the User Settings page, and only applies to users that are not using SSO authentication.
  • We’ve streamlined the process for when you stop monitoring a vendor – now your open questionnaires and remediation requests will be automatically archived.
  • This release includes a number of bug fixes.
February 2023
New Risk Assessment Summary Report

Annie Luu
February 1, 2023

Following on from the addition of risk assessment summary information to the Vendors page, we’ve added a new report showing risk assessment status across your vendors.

The report will give you a useful snapshot to help you:

  • Track and follow up on the status of your in-progress risk assessments
  • See which vendors are due for re-assessment, to help you plan for and schedule assessment activity 
  • See which vendors have not been assessed, so you can plan for future assessments

To learn more see How to generate a vendor risk assessment summary report       

Additional risks for domain hijacking

We have added additional risks for domains at risk of hijacking. If a domain's DNS records point to an expired or unregistered domain, attackers can register that domain and gain access to part of the target's domain namespace. In this release we’ve added subdomain takeover detection for the following additional services:

  • Shopify
  • Campaign Monitor 
  • Kajabi
  • SmartJobBoard
  • HatenaBlog
  • Worksites
  • Uptimerobot
  • Help Juice

 To learn more see How does UpGuard detect sites at risk of subdomain takeover?

Incorporating Managed Vendors into Vendor Risk, and Data Leaks into BreachSight 

In order to simplify our navigation and product offering, we have removed the Cyber Research section in UpGuard. Existing customers will now find Data Leaks included in the BreachSight section, and Managed Vendors included in the Vendor Risk section of the application. There are no changes to entitlements, plans, or the service levels of these products.

Other improvements

  • We’ve made a few more improvements to the Notifications page, to re-order sections and add clearer description text for some notifications. 
  • This release includes a number of bug fixes.
January 2023
Helping you manage in-app and email notifications

Annie Luu
January 18, 2023

UpGuard’s granular notification system supports many customisable settings that can be overwhelming at first glance. To ensure more effective use of this powerful system, we’ve overhauled the grouping, naming and descriptions of each type of notification. Now, setting up your email and in-app notifications on the Manage Notifications screen is easier to keep track of and understand.

Read more about notifications here:  What are notifications in UpGuard?

Additional risks for domain hijacking

We have added additional risks for domains at risk of hijacking. If a domain's DNS records point to an expired or unregistered domain, attackers can register that domain and gain access to part of the target's domain namespace. In this release we’ve added subdomain takeover detection for the following services: Agile CRM, Strikingly, Anima, Surge.sh.

To learn more see How does UpGuard detect sites at risk of subdomain takeover?
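
The dangling-record condition described in these release notes (an MX or CNAME target whose domain has expired or was never registered) can be audited against your own zone with a check like the following. This is an added example, not UpGuard's detection code; the zone contents, the `REGISTRY` data standing in for an RDAP/WHOIS lookup, and the two-label registrable-domain rule are all assumptions made for illustration.

```python
from datetime import date

# Constructed zone data for illustration (RFC 2606 reserved names only).
ZONE = """\
example.com.        3600 IN MX    10 mx1.mailhost.example.
example.com.        3600 IN MX    20 mx.old-provider.example.
shop.example.com.   3600 IN CNAME stores.retired-saas.example.
www.example.com.    3600 IN CNAME example.com.
blog.example.com.   3600 IN A     192.0.2.10
"""

# Constructed registration data standing in for an RDAP/WHOIS lookup:
# registrable domain -> expiry date. A missing key means "not registered".
REGISTRY = {
    "example.com": date(2031, 5, 1),
    "mailhost.example": date(2030, 1, 1),
    "old-provider.example": date(2022, 11, 30),
}

TODAY = date(2023, 2, 15)  # fixed so the result is reproducible


def registrable_domain(host):
    """Assumption: the registrable domain is the last two labels.
    Production code should consult the Public Suffix List instead."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_targets(zone_text):
    """Yield (owner, rtype, target) for each MX and CNAME record."""
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype = fields[0], fields[3].upper()
        if rtype == "MX" and len(fields) >= 6:
            yield owner, rtype, fields[5]  # fields[4] is the preference
        elif rtype == "CNAME":
            yield owner, rtype, fields[4]


def find_dangling(zone_text, registry, today):
    """Return records whose target domain is unregistered or expired."""
    findings = []
    for owner, rtype, target in parse_targets(zone_text):
        domain = registrable_domain(target)
        expiry = registry.get(domain)
        if expiry is None:
            status = "unregistered"
        elif expiry < today:
            # May still be in a registrar grace period; treat as at risk.
            status = "expired"
        else:
            continue
        findings.append((owner.rstrip("."), rtype, domain, status))
    return findings


if __name__ == "__main__":
    for finding in find_dangling(ZONE, REGISTRY, TODAY):
        print(*finding, sep="\t")
```

Records flagged this way should be removed or repointed before the target domain lapses or is released.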

Ability to bulk-update custom vendor attributes

If you’ve been using custom vendor attributes to store important information such as contract expiry date, you will now be able to bulk-edit attributes from the vendors screen. Similar to how you manage tiers, labels and portfolios, this functionality will help you update and assign attributes more quickly and efficiently. 

To learn more see How to use custom vendor attributes

Other improvements

  • In this release we’ve improved the speed of resolving risks relating to closed ports - risks are now resolved immediately when you request a rescan of a domain or IP.
  • This release includes a number of bug fixes.
December 2022
What’s New in UpGuard | December 2022

UpGuard Team
December 31, 2022

Learn about new features, changes, and improvements to UpGuard this month.

  • BreachSight users can now see the date that risks were discovered in their risk profile. This new enhancement makes it easier for you to know when risks are introduced to your environment, and assess what changes could have caused them. We’ve also added Date Published for identity breaches to help you better understand the timeline for breach disclosures.
  • If you’ve been using custom vendor attributes to store important dates, such as a contract expiry date, you will now be able to create custom notifications for these attributes. These notifications will help you keep track of these important dates, and can be added as in-app messages in your activity stream, or as email notifications.
  • To make it faster and easier for you to keep track of risk assessment statuses across all of your vendors, we’ve added an Assessment summary section to the Vendors page. This lets you quickly filter your view based on risk assessment status, so you can choose which actions to take next. We’ve also added Assessment author and Reassessment date as columns on the vendors table, and made it easier for you to tailor your vendors page to see the information that’s most important to you.
December 2022
New ways to keep track of risk assessment status across vendors

Annie Luu
December 20, 2022

To make it faster and easier for you to keep track of risk assessment statuses across all your vendors, we’ve added an Assessment summary section to the Vendors page. This lets you quickly filter your view based on risk assessment status, so you can choose which actions to take next. 

We’ve also added Assessment author and Reassessment date as columns on the vendors table, and made it easier for you to tailor your vendors page to see the information that’s most important to you. To learn more see What is the Vendors section?

Amazon S3 subdomain takeover detection

To detect sites at risk of subdomain takeover, UpGuard now checks domains for DNS records that point to resources that are not in use and are therefore available for others to register. We are rolling this out initially with checks on Amazon S3 buckets, with more information available here.

Notifications for date-type vendor attributes

If you’ve been using custom vendor attributes to store important dates such as contract expiry date, you will now be able to create custom notifications for these date-type attributes. These notifications will help you keep track of these important dates and can be added as in-app messages in your activity stream or email notifications (email notifications are turned off by default).

To learn more see How to use custom vendor attributes.

Other improvements

  • Risk Profile xlsx exports now include columns for Domain and IP Labels.
  • When viewing the Domains page for your organization or for a vendor, you can now filter the list of domains by their associated risks.
  • We have made some improvements to the questionnaire autofill feature to more accurately detect non-exact matches.
  • This release includes a number of bug fixes.

December 2022
Enhancements to risk profile to show the date a risk was found

Annie Luu
December 7, 2022

We have enhanced the BreachSight risk profile to show the date that risks were discovered. This makes it easier for you to know when risks are introduced to your environment, and assess what changes could have caused them. 

We’ve also added Date Published for identity breaches to help you better understand the timeline for breach disclosures.  

Questionnaire changes view

Previously in beta, the questionnaire changes view is now available to all Vendor Risk customers. This feature makes it faster and easier to see how responses have changed between versions of a questionnaire, so that you can focus on the information that’s most relevant. To learn more see How to compare responses using the questionnaire changes view.

Other improvements

  • We’ve added PDF export capability to the Data Leaks summary page
  • We’ve increased the character limits for custom attribute and notes fields
  • This release also includes a number of bug fixes
November 2022
What’s New in UpGuard | November 2022

UpGuard Team
November 30, 2022

Learn about new features, changes, and improvements to UpGuard this month.

  • Beta customers can compare responses between two versions of a questionnaire with our Questionnaire Changes View. This new feature will make it faster and easier for you to reassess your vendors, by allowing you to focus on questionnaire responses that have changed, giving you a more accurate and up-to-date picture of the vendor’s security posture. Talk to your Technical Account Manager or reach out to support@upguard.com to learn more.
  • To help drive the risk assessment process and ensure your vendors respond to you, we’ve added some new notifications to keep track of and follow up on your activity within UpGuard. These include risk reassessment dates, and questionnaire and remediation request due dates. You can configure these notifications to appear in-app on your home screen, as well as via email in your Settings.
  • We’ve added two new questionnaires to the library—the Higher Education Community Vendor Assessment Tool (HECVAT) questionnaire, as well as a HECVAT Lite version—which will help institutions align their vendor risk posture to higher education-specific security controls.
  • You can now quickly and easily identify your organization's highest areas of risk with our CISA Known Exploited Vulnerabilities (KEV) feature. This feature will allow you to prioritize the remediation of vulnerabilities that directly impact your business, and allow you to set up notifications to be informed when a vulnerability you have is added to the KEV list.
November 2022
Questionnaire changes view

Annie Luu
November 24, 2022

We are rolling out ‘questionnaire changes view’ to our Beta program customers. This feature enables you to compare responses between two versions of a questionnaire side by side, making it significantly faster and easier for you to re-assess your vendors.

The questionnaire changes view allows you to focus in on the responses that have changed. It gives you a more accurate and up-to-date picture of the vendor’s security posture without the risk of having answers that have changed without your knowledge. To learn more about using the changes view, this article has more information.

We are initially releasing the questionnaire changes view to a group of Beta customers. If you would like to be part of the Beta, please reach out to your Customer Success representative or send a request on Intercom. 

Part of the Beta group and have feedback to leave? Share your thoughts here

Notifications for risk reassessment and due dates

We’ve added some new notifications to help keep track of and follow up on your activity within UpGuard, including risk reassessment dates and remediation request and questionnaire due dates.

You can configure these notifications to appear in-app on your home screen and/or via email in Settings. Email notifications will be switched off by default. To learn more check out Notifications in UpGuard.

Inviting a vendor to a free trial

We previously enabled UpGuard Vendor Risk customers to provide 14 days of free access to their vendors. We’ve improved this feature by making the invite button more visible in the platform—this can be found in any vendor’s header next to the vendor name.

Learn more about how you can proactively improve your third party security by providing your vendors access to the UpGuard platform here.

Addition of new HECVAT questionnaires

We’ve added two new questionnaires to the library—the Higher Education Community Vendor Assessment Tool (HECVAT) questionnaire, as well as a HECVAT Lite version—which will help institutions align their vendor risk posture to higher education-specific security controls.

Other improvements

  • Added informational risks to identify unmaintained assets, like those serving default server pages and web directories.
  • Added informational risks for sites without Certificate Authority Authorization records.
  • Data leaks where the developer’s business email address is found in the event history will be broken out into a “Github User” source. Keyword matches that occur in the code contents will continue to be labeled with the “Github” source.
  • Improvements to the performance of notifications. This includes batching a variety of notification types to reduce spam.
  • Improvements to the vendor search experience when used in combination with filters and portfolios.
  • This release includes a number of bug fixes.
November 2022
CISA known exploited vulnerabilities tags and notifications

Chris Schubert
November 9, 2022

You can now quickly identify which vulnerabilities on your assets are on CISA’s list of known exploited vulnerabilities (KEV), pointing you towards your highest areas of risk at a glance. 

At any given time, threat actors are only targeting a small number of vulnerabilities, and this feature will allow you to prioritize the remediation of those vulnerabilities that directly impact your business. As part of this feature, you can also set up notifications to be informed when a vulnerability you have is added to the KEV list.

New Data Leaks home page

The new Data Leaks Home page provides more reporting capabilities for understanding where mentions of your brand keywords are occurring. UpGuard’s Data Leaks engine processes billions of files each day to identify the small number of sensitive data exposures affecting our customers. This information will help you understand your risk profile for leaks and demonstrate your controls for the timely detection of data exposures. Over the coming weeks, this feature will be rolled out to accounts with Data Leaks enabled.

Additional risks for website security headers

We’ve added detection for more risks related to website security headers. These risks will be released in a “provisional state,” meaning they are visible but do not affect scoring. After a provisional period of one month, the risks will be updated to include scoring penalties. 

Improvements to remediation exports

We’ve added new capabilities to the remediation export to assist with tracking and auditing of remediation activity, including:

  • Additional fields in the remediation summary exports
  • Addition of export capability for individual remediation

To learn more about these improvements check out How to export your internal remediation requests and How to export your vendor remediation requests.

Other improvements

  • Added detection for the OpenSSL 3.0 vulnerabilities CVE-2022-3786 and CVE-2022-3602
  • You can now delete risk waivers in UpGuard BreachSight as opposed to archiving them
  • This release includes some more performance improvements 
  • This release includes a number of bug fixes

October 2022
What’s New in UpGuard | October 2022

UpGuard Team
October 31, 2022

Learn about new features, changes, and improvements to UpGuard this month.

  • We’ve made improvements to Shared Profiles to make it faster and easier for you to assess vendors, and be assessed by vendors. The revamped display of nested documents makes it easier to understand the relationship between questionnaires and their attached documents. We’ve also removed the empty sections of your Shared Profile for viewers, so you can keep their focus on the evidence you’ve made available.
  • The new Health Insurance Portability and Accountability Act (HIPAA) questionnaire allows you to determine if your vendors align with the US Federal HIPAA standard, which relates to the secure handling of Protected Health Information (PHI). Simply send this security questionnaire to your vendors, and UpGuard will automatically generate risks based on the responses.
  • We’ve streamlined the risk assessment process by incorporating risk waivers into the risk review section of the platform. This feature allows you to document justifications and approvals for waiving known risks, in addition to requesting remediation. This consolidates the risk assessment workflow so that you have all relevant information when managing your vendors and their risks.
  • To help reduce the time to remediate risks associated with new active domains and IPs, we've added notifications that will alert you when these new domains and IPs are detected as part of your organization's attack surface. These notifications will be enabled by default in the Home page, and as part of this feature, you can also enable email notifications and modify in-app notifications any time in your Account Settings page.
October 2022
Notifications for when new domains and IPs are detected

Annie Luu
October 26, 2022

We've added notifications that will alert you when new domains and IPs are detected as part of your organization's attack surface.

The appearance of new active domains or IPs can pose a risk in itself if the assets are not securely configured for production use, are applications intended only for internal use, or are unauthorized shadow IT. Notifications for new assets can help reduce the time to remediate when such incidents occur. 

These notifications will be enabled by default for the Home page in the Cyber Risk platform. You can also enable email notifications and modify in-app notifications any time in the Account Settings page. To learn more about configuring notifications in UpGuard see What are notifications in UpGuard.

Other improvements

  • For customers that use webhook integrations: all webhook requests from UpGuard will now come from a small set of static source IP addresses. The list of IP addresses is available at https://cdn.cyber-risk.upguard.com/webhook-ips.json. If you have set up webhook integrations behind a firewall you will have to ensure the above IP addresses are allowed by the firewall rules.
  • This release includes some performance improvements 
  • This release includes a number of bug fixes
October 2022
Risk waivers added to the risk assessment workflow

Annie Luu
October 13, 2022

In this release we have streamlined the risk assessment process by incorporating risk waivers into the risk review section. The feature allows you to document justifications and approvals for waiving known risks, in addition to requesting remediation. This streamlines the risk assessment workflow so that you have all the relevant information when managing the risks presented. Learn all about using the risk assessment framework in UpGuard

HIPAA questionnaire with risk mapping

We have added a new risk-mapped security questionnaire to the questionnaire library: the Health Insurance Portability and Accountability Act (HIPAA) questionnaire. The HIPAA questionnaire allows organizations to determine if their vendors are compliant with the US Federal HIPAA standard, which relates to the secure handling of Protected Health Information (PHI). 

Simply send this security questionnaire to your vendor and UpGuard will automatically generate risks based on the responses. They can save time by using our new auto-fill functionality to complete the same questionnaire at the touch of a button: Learn more about using questionnaire autofill.

Other improvements

  • We’ve added unverified checks for Microsoft Exchange ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082).
  • We’ve made improvements to our detection of Windows Server versions.
  • Creating a risk waiver will now close associated remediation request risks.
  • Additional audit log events for shared profiles:
      - Revoking a user or organization access
      - Adding, editing or removing assets on the profile
      - Customizing the public info on the profile
  • This release includes a number of bug fixes.