Product News

2024-04-24: Additional Features

Enhanced tags for Phishing & Awareness Training  

In the latest update to our Security Center, we are excited to announce a comprehensive enhancement to our tagging capabilities, starting with our product Phishing & Awareness Training. These new unified tags are built on a new architecture that facilitates seamless integration across various asset types and offers refined filtering options, including support for assets inheriting business impact from tags.

Phishing & Awareness Training now benefits from several significant enhancements to its tagging system. These include the introduction of dynamic tags, which come equipped with additional rules for more precise selection criteria. Assets within Phishing & Awareness Training can now be matched by email and asset name. Furthermore, the new system supports hierarchical tagging through parent and child tags.

Get started with the new tags.
To optimize your workflows dealing with many recipients, you can learn more about tags for phishing and awareness training here:
https://support.holmsecurity.com/knowledge/how-do-i-create-a-new-tag-PAT
https://support.holmsecurity.com/knowledge/how-do-i-apply-a-tag-to-a-recipient  

 

Planned changes to tags in Security Center.  

Phishing & Awareness Training recipient assets are the first to receive the new tags architecture in Security Center. We will transition Devices and Network & Web assets to the new tags in the coming months. The transition will be seamless for customers and will include additional features for tags, which we will share more details about.

Web & API scanning enhancements & improved coverage. 

Several new web and API scanning capabilities, as well as general stability improvements, are being released to strengthen the scanner further.  

These capabilities expand the scanner's vulnerability coverage, enabling it to uncover more risks than ever before. Here is a set of highlights:

  • Public Access to GraphQL UI 
    An attacker could explore the GraphQL UI to extract sensitive information from the server. 
  • GraphQL Introspection Queries 
    Introspection in GraphQL allows clients to query the schema for information about the types, fields, and functionality a server provides; we have included the gathered queries. 
  • XSLT injection  
    User input is passed to the XSLT transformer without filtering, allowing an attacker to inject arbitrary XSLT code.
  • External service interaction 
    External service interaction arises when an application can be induced to interact with an arbitrary external service, such as a web or mail server. It can indicate a vulnerability with serious consequences. 

Expanded coverage to Cloud Scanning 

We've added coverage for new vulnerabilities and misconfigurations that Cloud scanning can now detect. This update includes 122 new detections for Microsoft Azure, four for AWS, and four new detections for Google Cloud.  

Want to get started with Cloud Scanning?  

Contact your Holm Security contact or send an email to sales@holmsecurity.com


Supported Cloud Services for each vendor:


Other Enhancements  

  • Newly provisioned Scanner Appliances will now be set up faster, as fewer reboots will be required to get started. 
  • Filtering by port now works correctly in Continuous Monitoring.