Recent Enhancements and Bug Fixes
A bug was discovered in the way email addresses are parsed from the Send To text fields in the Button Plugin Config interface (Internal Send To, Mock Send To, Phishing Report Send To). The bug caused the parsing to fail if extraneous spaces were found.
The bug has been fixed and, in addition, the text fields now optionally accept a comma delimiter as well as a semicolon.
In certain cases, calculations for training results would be incorrect. This has been addressed, and will no longer occur for new training modules sent out on or after February 25, 2019.
Fix for Missing Report Objects
When new reports were added to the Results > Report Generator module, the report objects were sometimes missing from the instance and therefore would only display the object tag name when the report was generated. A fix was put in place to make sure that all report objects are created in each instance and correctly set up for use in each report. This change does not affect how the Report Generator is used.
Chart Bug Fixes (2)
API Bug Fix
Requests without a JSON body would display a "JSON Error", even when the API call did not require a body. This has been corrected.
Display of Domain Names Fixed
Custom domains were causing an extra '@' to display in Content Group cards. This has been resolved. The domain names should display correctly now in all cases.
Address Book Name Now Being Trimmed of Extra Spaces
Leading and trailing spaces in Address Book Names are now being removed before being saved. Extra spaces were causing matching issues resulting in Address Book counts not being accurate.
Campaign Stats resets for test data and newly copied campaigns
When a campaign is copied, the campaign statistics are now cleared out and reset to 0.
Bug #8.9.3032 DEV-314
Address Book type selection is now required on Step 1
The selection of LDAP or File Upload is now required on the first page of a new Address Book configuration. Previously, you could get to the next screen without selecting a type. However, you would need to choose a type on that page to proceed, which was potentially confusing. For details, refer to How to Create an Address Book.
Bug #8.9.3022 DEV-437
Urgent Email Flag Being Set Incorrectly
The ability to set an email template as urgent was incorrectly setting all emails to urgent if you had more than one email template in a campaign and there was a mixture of urgent and non-urgent email templates. This fix corrects this error and now only emails that use templates that are marked as urgent will have the flag set.
Improved Landing Page Verification and Voice Application Verification
Improved error checking is now in place when a landing page is chosen. Landing pages that are used with Voice
Campaigns will now be checked before the Generate process begins to ensure they have an associated Voice
|10/15/2018||Button Configuration Manager||
Bug Fix for Button Select Box in the Button Configuration Manager
In past releases, a selected button would become deselected after the button had been deprecated (by the release of a newer button version, for example). The fix retains the selection and adds a notice that the button has been deprecated by adding (Deprecated) to the beginning of the selected button name.
Bug Fix for Emails Sent/Scheduled by Day-of-Week Chart
Now works as expected.
Bug fixes for SMS/Voice campaigns
Purpose: There were several minor bugs fixed in the UI and scheduling modules for voice and SMS campaigns.
SMS Campaigns (Reporting):
No usage changes.
The Name and Approval Comments fields associated with a campaign are now editable even when a campaign is locked. In the past the fields became read-only once a campaign was locked (30 days after the cut-off date).
Plan Name has been added to the list of Cross Tabulation options within Custom Reporting. Cross Tabulation allows for an additional level of detail to be added to the summary report.
Voice Data Anonymization Feature A new feature was added that allows data captured during a Voice Campaign call to be anonymized when stored. This means that digits pressed by a user can be stored as actual digits, or optionally as asterisks (*) in order to protect potentially sensitive data.
The ability to use the password as a plain text password has been removed. There is a new field named Login Form Text Field that provides the same functionality as was provided by allowing the Login Form Password field as a plain text field.
Are You Sure? Pop-up Buttons Reversed
The OK/Cancel button positions have been reversed on the Are You Sure? pop-up window.
SFTP automation for Address Books is now available
The new SFTP Address Book configuration and upload tool is live. This tool allows you to automate the upload of CSV files to PhishLine.
Enhancement #8.9.3042 DEV-429
Name Size Increase
The Email template Name field has been increased to allow for 128 characters (previously 30).
Enhancement #8.9.3012 (2019-01-14)
Minimum Password Age
Several customers have requested the ability to block password changes if the passwords have not reached a specific age. This enhancement adds a new Global setting that prevents passwords from being changed until the passwords have reached a specific age. For details, refer to Global Settings.
Enhancement #8.9.2992 (2019-01-14)
Automatic Purging of Administrative User Logs
With the new GDPR requirements, companies are now required to automatically purge user activity from their systems. This enhancement addresses one of those requirements by allowing the PhishLine system to automatically purge administrative user activity logs.
Enhancement #8.9.2982 (2018-12-21)
Ignoring Unauthorized Domains
Unfortunately, in many cases Address Books are imported with many invalid or unwanted email addresses. These include internal and external email addresses that should not be sent email messages. The domain authorization process prevents this, but there needs to be a way to ignore email addresses with these unwanted internal and external domains. This enhancement provides this feature. There is now a new option in the Domain Authorization Application that allows the admin users to mark these domains to be ignored. Once the domain is set to ignore, it will no longer display any error related to the domain and silently ignore (skip over) and email address using an ignored domain when sending out campaign emails.
Enhancement #8.9.2972 (2018-12-21)
A new Address Book import option has been created.
Enhancement #8.9.2953 (2018-12-03)
In addition to the existing Voice multi-factor user authentication, PhishLine now supports multi-factor authentication via Email and SMS.
Enhancement #8.9.2943 (2018-12-03)
Previously, in some parts of the interface, Voice Phishing Applications were referred to as 'IVR' applications. All
Enhancement #8.9.2922 (2018-11-07)
Outbound Analysis Charts Updated to Use Scheduled Time Zone
Previously, all charts in Outbound Analysis were displayed in Central ("America/Chicago") time zone. The charts are now updated to display data in the same time zone in which the corresponding campaign was scheduled.
Enhancement #8.9.2942 (2018-11-07)
Added Login Activity Chart
Benchmark results now include charting of login activity.
Enhancement #8.9.2902 (2018-10-15)
Certificate Indicator on Web Server Host Domain
When adding web servers for landing pages to your Campaigns or Content Groups, there is now an indicator showing whether the domain exists on Barracuda's SSL certificate. Domain names covered by the certificate will display (Certificate) next to their name in the Web Server Host Domain list.
Enhancement #8.9.2861 (2018-10-15)
Voice Application Options Added to Custom Reports
Fields related to Voice Applications are now available as reporting filters in Outbound Analysis Custom Reporting, enabling you to create charts and tables based on Voice Application data.
Enhancement #8.9.2872 (2018-10-15)
|10/15/2018||Web Activity Analysis||
User Login Now Exposed
The user login is now automatically populated in the Web Activity Analysis report.
Enhancement #8.9.2882 (2018-10-15)
|10/8/2018||Educational Content and Survey / Content Delivery Network Whitelisting||
The delivery of static training content including videos and images has been enhanced to allow more transparent switching of the LMS and Surveys between different PhishLine servers. To facilitate this, the host from where the static content is delivered from has changed.
Usage: Educational Content and Survey / Content Delivery Network Whitelisting
You may choose to deliver educational content and surveys using HTTP or HTTPS. PhishLine recommends using HTTPS. The HTTP option is generally only used to allow local caching of content to reduce bandwidth requirements.
To whitelist educational content and surveys, use the following:
Note: The CDN option is only used to distribute the “Image Gallery” components including .mp4, .webm, .jpg, .gif, and similar file types. We recommend that you whitelist requests and responses for static multimedia content only. The web application and data collection are exclusively done on the PhishLine servers even with the CDN option.
Send as Urgent option added to Email Templates
Purpose: If checked within the Email Template, 'Send as Urgent' will send email at High Importance (Highest Priority).
Usage: The new check box field titled 'Send as Urgent' is located in the Email Template Manager under General Settings. If selected, the email will be sent at High Importance (Highest Priority). If cleared, the email will be sent without high priority.
Enhancement #8.9.2833 (2018-09-25)
Notification popup added to Exchange Button 184.108.40.206
Purpose: Version 220.127.116.11 of the PhishLine Exchange Button has been released.
The new version includes a pop-up notification window that delivers feedback messages to the user. The notification window includes both error and success messages and disappears when the user clicks the ‘Close’ button. The addition of the notification pop-up allows messages to be visible for longer periods of time, whereas previously it would disappear immediately after the email was reported.
NOTE: The notification pop-up window will only display for users with Exchange versions newer than 2013
Enhancement #8.9.2823 (2018-09-25)
Enhanced Delivery Status Processing
Purpose: Previously, the PhishLine platform used centralized delivery status processing. This enhancement changed the outbound email logic to use instance specific outbound mailboxes. Now each instance receives delivery status message directly instead of depending on the central delivery status processing to distribute these status messages.
This will allow individual instance to process and update delivery status of outbound emails quicker. Most notably, the bounce status of the outbound email.
Usage: There are no changes to the administration of campaigns. This enhancement will automatically be applied to all future campaigns.This enhancement changes the RETURN-PATH and FROM email in the email envelope from email@example.com to reply_pXXXXXXXXX@spearphish.com. The XXXXXXXX is replaced with a unique instance identifier for each PhishLine customer. Note: Some mail systems will use the RETURN-PATH instead of the email FROM: header for authentication. This might affect the email headers differently depending on the email system. Adjustments to whitelisting settings may be necessary.
Enhancement #8.9.2813 (2018-09-24)
Self-serving Account Unlock with Notification
Purpose: When logging into your PhishLine account, if there are 5 consecutive failed password login attempts, your PhishLine account is now locked instead of being deactivated.
Locked and deactivated are the same thing with the following exception. When your account locks, an email is sent to the email address associated with your PhishLine account. It contains instructions on how to unlock your account.
Just follow the instructions in the email to change your password, and you will not have to contact anyone to unlock your account.
Enhancement# 8.9.2803 (2018-09-23)
Purpose: Prior to this enhancements, the campaign could be modified, updated, and changed indefinitely. The campaigns are now locked in read-only mode 30 days after the cutoff date and the campaign statistics are no longer updated. This prevents unintended changes to old campaigns and to ensure the campaign results will not change.
Usage: Thirty days after the campaign cutoff date, most of the fields in a campaign will be locked. The only fields that will be editable include the "Description", "Plan", "Category", and "Hide Campaign Results" fields.
Enhancement# 8.9.2793 (2018-09-04)