LUCY 4.8.4

Lucy 4.8.4 is available for automated update! Please make sure you have no active campaigns running before updating!

New Features

  • PDF file-based Attack that allows to send PDF files with an attack simulation link. PDF files can be prepared within Lucy as HTML and they will be automatically converted to PDF just before sending out attack simulations.
  • New Burmese, Chinese Cantonese and Vietnamese languages for templates
  • Ability to view and export all clicks on the attack simulation link

Improvements

  • Sort order in Overall Recipient Statistics tables
  • New “Quiz Passed At” field in Recipient statistics
  • Additional columns in Export – All file to differentiate between quiz and non-quiz trainings
  • Diploma generation immediately after successful training
  • Automatic refresh of the End-User Portal and Statistics
  • Automatic selection of the language in the End-User Portal based on Recipient’s language, it can be configured manually from the UI
  • Training status in the list of available trainings in the End-User Portal.

Bugs fixed

  • Statistics calculation in the End-User Portal
  • Global Link availability in stopped campaigns
  • Let’s Encrypt autorenewal for sub-domains
  • Unnecessary statistics by Comment field
  • Risk distribution by Location
  • Template download issues
  • Let’s Encrypt SSL certificates for Docker installations
  • Per cent of completed trainings for awareness-only campaigns

LUCY 4.8.3

Lucy 4.8.3 is available for automated update! Please make sure you have no active campaigns running before updating!

New Features

  • Multiple LDAP integrations. Introduced a possibility to configure multiple LDAP servers that are bound to Client and/or Branch to provide independent simultaneous synchronizations of recipient groups with different LDAP servers
  • Interactive API documentation available directly from Lucy menu Settings → API Whitelist → API Documentation
  • New Euskera language for templates
  • Customizable campaign reminder templates
  • New API End-points for Campaign Scheduler

 Improvements

  • Improved API End-points: Custom fields, Campaign Statistics
  • Extended character set for Recipient Import
  • Extended set of Antivirus/Firewall protection intervals
  • Ability to report phishing Incidents as an EML attachments via O365 Plugin
  • Ability to report phishing incidents to multiple emails via O365 Plugin

Bugs fixed

  • Erasing statistics of all recipients in case of removing a single recipient
  • Incorrect statistics caused by Antivirus interval for File-based attack
  • Running campaign status in the campaign backup
  • Template attributes visibility
  • Unsupported symbols in recipients import files
  • Too many redirects with OAuth SSO
  • Incorrect statistics in Awareness-only campaigns

IMPORTANT NOTIFICATION

In case if a strict network policy is in place, please consider this message as critical.
LUCY centralized server is being moved to new IPv4.

We migrate it from 176.9.154.150 to 162.55.130.83, 16th of October 2021 23:00 Central European Time.

Please add the new IPv4 to the list of allowed hosts for inbound and outbound HTTPS traffic.

The server is responsible for such things as:

  • Templates
  • Software updates
  • License verification

No running campaigns will be affected.

In case of any questions, please email to support@lucysecurity.com

LUCY 4.8.2

Lucy 4.8.2 is available for automated update! Please make sure you have no active campaigns running before updating!

New Features

  • Flexible template attributes. There is a global list of template attributes automatically uploaded by all Lucy instances and available for template editing and creation. The list is managed by Lucy team
  • Template filter that allows to filter templates by any template attribute including template Languages
  • Ability to create On-boarding campaigns via new Scheduler Rule Type “Yearly Campaign”. It is possible to schedule sending multiple attack or awareness scenarios within 12 months from adding a recipient to the campaign aiming to organize an onboarding security course for new employees
  • New file-based templates: HTML and SVG attachments
  • New API End-points:
  • Campaign Report
  • Campaign Errors
  • Campaign Status
  • Campaign Exports
  • Diplomas
  • Export Incident Reports to Jira
  • Creation of a campaign based on Campaign Template

Improvements

  • End User Portal can be located at any domain that differs from the domain of the Admin Panel
  • Serbian language for templates
  • Handling disabled LDAP users
  • Visibility of long Campaign names on the Dashboard

Bugs fixed

  • Upper/Lower case names in recipient import files
  • Awareness-only statistics
  • Awareness sub-domain for End User Portal
  • User/Supervisor ability to bind awareness to an attack simulation
  • Resend button appearance for scheduled campaigns
  • Incorrect Statistics in End User Portal
  • LHFC scanner download from Wizard
  • Mail Manager: email contents incorrect display
  • Incorrect permissions for Client and Branch
  • Incorrect filtering from Azure AD server
  • Excessive write access to Azure AD
  • Insufficient search filters for Azure AD import
  • LDAP access with no SSL
  • Confirmation for deactivation recipients
  • Possible crash of the web server in Master and Slave configuration
  • Overall recipient statistics in Anonymous mode
  • Let’s Encrypt certificate issue/renew
  • Server test fail for OAUTH2
  • File-based scenarios bugs
  • Out Of Office delay for tracking responses
  • SOO/SAML incorrect initial configuration
  • Mail Manager performance improvement to avoid lost emails
  • UTF8 characters in CSV files for recipient import

LUCY 4.8.1

Lucy 4.8.1 is available for automated update! Please make sure you have no active campaigns running before updating!

New Features

  • Synchronization of user accounts from Azure AD to Lucy’s recipients and users

Improvements

  • lucyQuizResults() function returns “Trained At” value
  • Track Responses function is able to track emails sent to multiple addresses
  • Ability to use multiple email addresses in O365 plugin
  • SMTP delivery support for Gmail plugin

Bugs fixed

  • Import recipients from CSV with non-UTF encoding
  • Empty list of available trainings on the End User portal
  • Website preview for multi-language training
  • Scheduler for awareness only campaign
  • End User Portal statistics inconsistency
  • Empty recipient columns in export

Lucy 4.8

Lucy 4.8 is available for automated update! Please make sure you have no active campaigns running before updating!

New Features

  • Multiple awareness for awareness only campaigns. It is possible to assign different awareness scenarios for different recipient groups in awareness only campaigns. Risk level differentiation is also supported
  • Ability of separate scheduling different awareness scenarios. It is possible now to separately schedule training scenarios in awareness only campaigns
  • New Branch attribute for campaigns, users and templates. A new Branch attribute for Clients is introduced. Campaigns, recipient groups and templates can now be restricted for administrative users within the same Client based on the Branch attribute of the user
  • New API endpoint for removing a recipient group from campaigns
  • New Mail Manager. Mail Manager was completely re-designed to increase its performance, stability and usability especially for the campaigns with a huge number of recipients
  • End User statistics export. It is possible to export end-user list filtered by Campaign or Recipient Group with general statistics. Export data can also be grouped by Recipient Group or Campaign
  • Overall Recipient Statistics. It is possible to view general Recipient statistics under Campaign Statistics menu. Data can be viewed and exported using filter by Campaign, Recipient Group or time period

Improvements

  • LDAP Sync Tool: ability to work without administration rights
  • LDAP Sync Tool: ability to connect to Lucy via proxy
  • SMTP connection test console output
  • Ability to use %gender% variable when no gender attribute defined for a recipient

Bugs fixed

  • Inaccurate statistics in report variables %charts.awareness%, %victim.table.trainingstats% and %awareness.completed%
  • Incorrect awareness website language with Direct Login for recipients with different languages
  • Comma in Fake Recipient Name
  • Anonymization for Divisions with less than 10 recipients
  • Anonymization in Compare function
  • Detection of the OS and Browser versions in awareness only campaign
  • Logs rotation for Docker installation
  • Chronology of events in Timeline
  • Geolocation in Master/Slave environment
  • Quiz score attribute in API
  • Authorization via LDAP with SSL
  • Custom name for PDF file-based scenarios
  • Metadata in SCORM export
  • Training overview chart stats
  • Visits accounting
  • Campaign visibility for administrative users
  • License options
  • Inaccurate average scenario time in campaign exports
  • “Only successfully phished” option of the scheduler
  • Incorrect statistics if Success Action is set to Clicked
  • Ability to stop campaign on Slave in Reflective Master&Slave configuration
  • Export to SCORM wrong metadata
  • Training overview chart incorrect stats
  • Bugs in visits accounting
  • Bugs in campaign visibility for administrative users
  • Minor bugs in license options

Lucy 4.7.8

Lucy 4.7.8 is available for automated update! Please make sure you have no active campaigns running before updating!

New Features

  • SMTP OAuth2 authentication mechanism. OAuth2 protocol for SMTP servers makes Office 365 (Exchange Online) more secure. Gmail support is coming out next year. Other providers will be added depending on the need and applicability
  • O365 mobile support. Phishing button for Office 365 can now be used in Outlook mobile app in the same way as on desktop computers. Reinstallation of the plugin is required
  • Single Sign-on: Azure AD OAuth2 authorization. Azure AD OAuth2 authorization. It is possible to configure SSO for Lucy users using Azure AD OAuth2 authorization
  • End Users: send password reset link instead of plain text password. It is possible to send a password reset link in awareness email instead of attachment to access the End User Portal
  • External ID for recipients in API. This feature is important for those users who would like to develop custom mechanism of synchronization of recipients using Lucy’s REST API

Improvements

  • German translation of the UI
  • Whitelabel: all Lucy references can be replaced

Bugs fixed

  • Track Responses: case sensitive
  • Incorrect schedule plan
  • SSL certificates: Certbot won’t update

Lucy 4.7.7

Lucy 4.7.7 is available for automated update! Please make sure you have no active campaigns running before updating!

New features

  • Mapping of multiple awareness scenarios. It is possible to bind several awareness scenarios to each attack simulation scenario in the campaign. So it will be possible to send different attack simulations and bound awareness scenarios to different recipient groups within a campaign. The risk level of the recipients will be taken into account for the awareness emails
  • LDAP Synchronization Tool multiple groups. It is possible to synchronize several LDAP groups using the tool
  • Export by Recipient group. Campaign – Exports – Recipients – All by Recipient Group. A new item for export all campaign data including Recipient group.
  • Excel macros that allow determining if it has been executed. Lucy has a new Success action attribute named “File Open”. This is triggered by a GET request that can be sent from a macro
  • Outlook plugin line breakers. Outlook Plugin allows multi-line text in the user configured messages

Improvements

  • Old protocols of web-server except TLSv1.1, TLSv1.2 and newer are disabled
  • Old temporary files from temporary folder are cleared once a day
  • Performance test results became more accurate
  • Awareness Tracking Functions are expanded with several new functions to make awareness templates more flexible. The compatibility with the existing templates is kept
  • New attribute “Client” for Lucy administrative users
  • Password policy – minimum password length is increased to 16
  • File names validation before uploading improvement for better security
  • XSS and RCE handling improvements

Bugs fixed

  • File renaming after upload using File Browser
  • LDAP sync tool: missing ldap_based attribute for LDAP users
  • Incorrect stats in the Awareness only End-user Portal
  • Unsolicited emails to the recipients
  • apt-get update && apt-get upgrade issue in OS update procedure
  • Quiz results disappearing after campaign restore
  • %success% variable rounding out
  • Notification on failed backups
  • Mail Manager: diacritic chars in the campaign name
  • No Recipients Menu for Administrative Users

Lucy 4.7.5

Lucy 4.7.5 is available for automated update! Please make sure you have no active campaigns running before updating!

New features

  • New setting to configure the “From” field of the system notification emails (Settings -> Advanced Settings, System Notification Emails field)
  • Multi-language support of the UI and messages in Outlook MSI Plugin. It is possible to configure translations for the following system locales: Dutch, English, German, Italian, Portuguese, Russian, Spanish, Turkish and Ukrainian
  • New design of the End User Portal
  • Possibility for the administrators to configure the widgets on the End User Portal (Settings -> End Users -> Enduser Portal Settings)
  • New column “Certificate received” in the All Recipients export file
  • New export filter “Received Training Certificate” for the recipients who received their certificates

Improvements

  • On the “Recipients” step of the Campaign Wizard the contents of the selected recipient group are displayed
  • Campaign Statistics sub-menus are highlighted
  • Main menu re-organized: Recipients menu moved as a sub-menu of Settings, Sessions menu moved as a sub-menu of Tools, Status menu moved as a sub-menu of Support
  • Campaign Base Settings page re-organized
  • New page for Attack Settings introduced for faster access to the list of attack scenarios
  • Scenario Setting page re-organized, Scenario summary page became a part of Campaign Statistics Summary page (Scenario Selection button)

Bugs fixed

  • Subject encoding bug after changing the template language
  • Unchecking of a single recipient group unchecked all recipient lists
  • Empty MAIL FROM command in case of external SMTP server
  • Wrong contents of the %Subject% variable for emails
  • Incorrect behavior of the Repeating rule of the Scheduler
  • Error 500 for campaign templates with anonymous mode
  • Missing files in the saved campaign templates
  • Automatic detection of the “Quiz” option in Campaign Wizard
  • Incorrect removing of the “Deny For” rule in Campaign Filters
  • Several awareness emails in campaigns with several attack scenarios