LUCY Version 4.1 is available for download

LUCY Version 4.1 available for download

Users get certificates of attendance when they successfully complete an Awareness Training. Send signed phishing emails, extend your purchased domains and much more! Download the new Release, try the powerful Community Edition!

LUCY V 4.1 is available for download since the end of March 2018. Besides dozens of bugfixes the following new features are available:

  • Mail and Web Filter Test (Which file and message types ‘go through’?)
  • Attendance Certificate for successful trainings / Traning Diploma
  • Recommended email domains in templates
  • Digital signature in phishing emails
  • Domain renewal option
  • Scheduler randomization improvement
  • Date view options
  • Website Cloner improvements
  • XML export support
  • Export Recipient Groups
  • Reports: Table of contents improvements
  • Enduser Profile Improvements
  • Reports: Image placeholder
  • MS-Outlook / Office365© Incident Plugin improvements: configurable ribbon label, inline email forwarding options
  • Dashboard changes
  • Report: Hourly Stats default Value
  • More Whitelabeling: Change default name, copyright, logo, etc.
  • Now you can edit nearly all Text Messages or Labels!

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.1

  • Anonymous mode bug
  • Change language scenario bug
  • Click rate and success rate wrong formula
  • Display imported recipients in End Users bug
  • Fix postfix memory limit
  • LDAP import bug
  • LDAP: display list of users
  • Mail Settings Bug
  • Mixed Scenario Template doesn’t collect User Data
  • O365 – email format error
  • Plug-in for Office 365 (bugs & improvements)
  • Redis memory issue
  • Reminders bug
  • Rescheduler bug
  • Resend Awareness Email issue
  • Scheduler plan bug
  • Scheduler: Awareness Only
  • Settings Check error: Scenario Awareness Only has no recipients
  • Several recipients were not added to the schedule plan
  • URL Shortener bug
  • Use quotes in file download names everywhere

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!

Apr-2nd-2018

What is New in LUCY Version 4.0?

The 14 best new phishing and databreach prevention features in LUCY V4.0 [Video]

With 4.0, we’ve rolled out a pretty long list of new features and improvements. Our cyberprevention server has become even better than it already is. In this article, we would like to show you our 14 favorite new features that are worthy of special mention.

01. Dashboard improvements One

Starting with LUCY 4.0 we re-designed the dashboard. Filter by type or by execution status, use the search field and select between multiple dashboard modes.

02. Dashboard improvements Two

Widgets! Can be moved on the screen

03. Incident Auto Feedback

Including Risk Score Autoresponder. LUCY allows the admin to define an auto responder for submitted emails through the phish button. The risk score uses the IP’s and domains in your email and compares them with databases that contain information about malicious activities

04. Threat mitigation

The threat mitigation is a new feature that allows the LUCY admin to report reported phishing mails to according abuse contact of the provider’s originating IP address taken from the message header. You can click on the mail symbol within the incident center to initiate the sending of the report

05. Risk Assessment mode for campaigns

Instead of showing only raw data about how many users have been successfully phished, we can additionally provide a risk assessment methodology in LUCY, that shows the exposure to certain threats. We can classify different types of threats/Likelihoods such as Technical threats (e.g. unsecured windows PC, unsecure browser etc.), internal threat (e.g. uneducated user who clicks on certain content) and externals threats through hackers (latest trends in attacks, e.g. exploiting a specific browser vulnerability). In LUCY 4.0 we implemented the 1st analysis step and in the coming releases, this feature will be improved.

06. Create a new campaign based on a previous campaign template

LUCY now allows an administrator to create a template based on a previous campaign. The template consists of all settings including all associated scenario and awareness templates. You can then start a new campaign, using this campaign template

07. User reputation

The user reputation level is a score that gives every user a specific profile based on the number of tests performed against this user and the amount of successful phishing simulations.

08. New message template variables

Lucy allows you to use multiple variables within the message template. The variables pull the information from the recipient in the associated group. We added a few new variables (e.g. Gender specific variable) and you can now also use the dropdown in the message template to insert the variables at the right place. New is also the option to use these variables in the message header.

09Authoring Toolkit 

Create e-learning content with the integrated ADAPT Authoring tool: LUCY comes with an integrated e-learning tool called ADAPT. Adapt allows you to build a Multi-Modal content. You can watch videos, listen to audios with transcripts, and complete quizzes. Adapt also has Multi language and localization support Adapt is designed to solve a problem in eLearning. When you’re faced with delivery to multiple devices, such as desktop, tablet, mobile, you have a choice: you can create multiple versions, each optimized for specific devices, or you can use a responsive design approach. If you create and optimize multiple versions for each device, you might build in Flash for desktop, a native app for iPhone, a different version for iPad, and Android, and so on. As you can see, this method is complex and expensive. Then when you start getting into translation and maintenance, it gets out of control pretty quickly – not to mention the tracking issues if you’re trying to track data from multiple sources. Adapt gives you a different, and much simpler option. Adapt creates just one version of your eLearning in HTML5, which responds intelligently to the device it is viewed on.

10. Reputation Based Learning 

Assign custom e-learning content based on a user’s reputation level: Based on the amount of successful attack simulations for an individual user, you can assign a specific e-learning template in LUCY. If a user didn’t fall for a phishing simulation yet, you might want to assign a different e-learning content than for a user who continuously submitted sensitive data in previous phishing simulations. Please visit this chapter for details.

 11. SCORM export of awareness content

All e-learning templates can now be exported using the SCORM format, allowing you to use the LUCY content in another  LMS (Learning Management System).

12. Advanced export features

Starting with LUCY 4.0 we added a navigation item called export within the campaign overview page. The menu that opens allows you to export any campaign related data

13. Randomization feature for the scheduler

We added a randomization feature, that allows you to split up your recipients over different scenario’s using the scheduler.

14. New real time statistics overview

The real time statistics were improved and they include various data sources and ‘views’ that allow you to see the overall campaign statistics (attack & e-learning) on one page.

Wiki Resources

  1. Dashboard improvements (Dashboard)
  2. Dashboard improvements (Widgets)
  3. Incident Auto Feedback
  4. Threat mitigation
  5. Multiple Default Campaigns
  6. Risk Assessment mode for campaigns
  7. User reputation
  8. New real time statistics overview
  9. New message template variables
  10. Authoring Toolkit
  11. Reputation Based Learning
  12. SCORM export of eLearning content: 
  13. Randomization feature for the scheduler 
  14. Advanced export features

 

Do you like our tool? Let us know if yes please! Thanks!

Lucy Version 2018 available

BAM! Introducing LUCY V4.0 with Great New Tools

Thalwil (Switzerland), Jan-25-2018 – A new Version of the best Cyberprevention and Awareness Server is available now. Download LUCY 4.0.2 (or higher) with impressive functional enhancements.

2 Highlights – First: The authoring toolkit allows the creation of individual and custom interactive training courses. Only for professional users. And second: Now you can setup individual tranings in an awareness campaign with different courses who are offered depending on the knowledge of the user (Reputation based Learning). And much more. We bundled the work streams for 3.8, 3.9 and 4.0 together because it made sense to provide a bit new major release. Our ramp-up customers already tested the release in late 2017 and the testing period was longer than usual. We just can recommend our best software ever! Download LUCY V4 or update/patch automatically to 4.0.2 or higher.

Release Notes – New Features in V 4.0

Please check our Wiki for more info on some new features:

  • Ability to enable/disable recipients
  • Advanced Export Features
  • Anonymous Mode: Stronger settings, no more reverts
  • Authoring Toolkit (Only for skilled eLearning authors)
  • Awareness report improvement
  • Benchmark and comparison report improvements
  • Campaign export page
  • Campaign summary page improvement
  • Dashboard redesign for heavy campaign users
  • Dashboard Widgets
  • Dashboard: add as much as possible space for names
  • Domain registration: New TLDs
  • Download template dialogue: Search and sorting
  • Enduser Training Portal as an individual Learning Management System
  • Extended incident reporting back to Lucy
  • Gender specific addressing
  • Improve additional groups in import
  • Incident Auto Feedback (including Email Riskscore Autoresponder)
  • Incident view improvements
  • IP whitelist
  • LDAP filter improvement
  • Log Improvements (login, logout, create/delete campaign or scenario etc.)
  • Multiple default campaign templates
  • Option for awareness results overwriting
  • Outlook plugin: Additional headers checkbox
  • Outlook plugin: configuration interface
  • Outlook plugin: custom image
  • Outlook plugin: localization support
  • Outlook Plugin: option to remove reports on Lucy emails
  • Outlook plugin: Optional additional headers support
  • Outlook plugin: suppress email option support
  • Predefined Campaign Templates
  • Recipient groups selection in schedule rule
  • Reports: Improving reporting capability (low quality of images in DOCX)
  • Reputation Based eLearning
  • Risk Assessment Campaigns
  • Scheduler randomization
  • Scorm export for Learning/Awareness Content
  • Screen locker Template – send data to server on execution
  • Threat Mitigation
  • Campaign Variables enhancements (including use variables in headers and subject)
  • User reputation in Lucy
  • User-Agent string parser doesn’t identify Windows 10 and EDGE
  • Variable buttons in editor
  • Statistics: New realtime statistics overview
  • Web proxy mode improvement
  • Website Copy: Improvements

 

LUCY Server makes cyber prevention in the form of a standardized product affordable for all.

About: LUCY Security is a Swiss company with international clientele in over than 50 countries and with more than 4000 installlations. Its product LUCY Server allows companies to perform realistic Internet attack simulations and customized awareness programs. The software is also able to run infrastructure assessments and a “Phishing Incident Plugin” empowers the user with an easy alerting mechanism in case of an real attack. Certified LUCY Partners in over a dozen countries are providing local and value added services for cyber prevention and IT-Security awareness.

LUCY Users can update their existing installation within the application by hitting ‘Update’.

Not having LUCY yet?

 

New Release LUCY V 3.7 is out – Download or update now!

The new release of LUCY Server V 3.7 has functional improvements. Notable changes and new features:

  • New dashboard & new dashboard actions (WIKI): It makes the handling much easier, especially when you have a lot of campaigns running

  • New report template variables (WIKI): Finally you can put everything into your Campaign reports!

  • New REST API (WIKI): Integrate your personal LUCY instance into your corporate infrastructure or enhance the functionality. It’s a bidirectional Interface and we have already partner companies developping add-ons for LUCY (to be announced soon). API functionality is available only to the Corporate Edition.

  • Office 365 Outlook plugin (in addition to the Microsoft Outlook Plugin for Windows)

  • Outlook plugin improvements: custom subject, multiple recipients, additional headers (X-CI-Report)

  • A new Enduser profile page, your personal learning and training portal (LUCY Wiki)

  • Deeper report customization

  • Default campaign template for even more efficient campaign creations

  • Threat Analyzer: Automated Incident analysis improvements (Available to Business Edition and above)

  • CC, BCC and fake TO fields in messages

  • AV/Firewall protection improvement

  • Recipient upload improvement

  • Dashboard page improvements

  • A new “Stop All Campaigns” button (makes patching easier)

  • Scheduler improvements

  • Disable campaign checks option

  • Replace BeEF with custom JS library. The active information gathering for client browser data and plugins has been rewritten. New, LUCY own code is used for that.

  • Fake deletion (you won’t accidentally delete anything)

  • Add comparison/benchmark charts into report

  • Extended reporting options

  • Custom logos in the campaign report. After a successful campaign you can generate a report for the management. You can select between different formats like html, pdf or even in a *.docx format (easy editable later on).

  • Report variable validation

  • Backups speedup

  • Backup DB data. You can Backup your own DB now

  • Domain registration improvements

We’ll document everything in our WIKI as soon we can!

Download LUCY Anti Phishing and Cyber Prevention Server below!

A new Phishing Alert Button for Users - One new feature of LUCY Anti Phishing

Alive and Kicking: LUCY V 3.6 is out!

The new release of LUCY Server V 3.6 has some functional improvements. In particular, changes were made under the hood. We fixed security-critical bugs and the Microsoft Windows 32/64 bit installation packages were separated for the Phishing Incident Plug-in. We strongly recommend to download the newest version of LUCY!

A new Phishing Alert Button for Users - One new feature of LUCY Anti Phishing

Notable changes and new features in LUCY V3.6:

  • Visual changes on the Dashboard
  • New Incident PLug-In (splitted versions x32 / x64)
  • New version of active vulnerabiltiy detection (BeEF replaced)
  • A new version of the active vulnerability detection feature based on own code
  • Fake deletion (you won’t accidentally delete anything)
  • Custom events support
  • Add comparison/benchmark charts into report
  • Extended reporting options
  • Report variable validation
  • Backups speedup
  • Backup of DB data
  • Dashboard improvements
  • Improved Report Templates

Download LUCY Anti Phishing and Cyber Prevention Server below!

Lucy 3.5 is out

Meet new Lucy 3.5! This version covers mainly internal updates not really visible to the user. Nevertheless we strongly recommend to update immediately to Version 3.5 because of the improved security. You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy. Please make sure you have no active campaigns running before updating Lucy!

Update notes:

  • New report variables
  • Paid sources for recipient search
  • Global benchmark stats
  • White labeling options
  • Security enhancements (AES256 encryption instead of the old AES128, password salt improvements)
  • Notification of expiring domains & VPS
  • LDAP improvements (multiple DC and SSL support)

The new version 3.4 is available and thus also a world novelty

We launched LUCY V 3.4: Cyber prevention as well as IT health checks affordable for everyone and the world-wide new integrated threat analysis of incoming e-mails using the LUCY Risk Score are the highlights of the current release.

Threat Analyser and Risk Score

The “Cisco 2017 Annual Cybersecurity Report“, which is highly regarded in the industry, puts it in a nutshell: “…In many cases, their securityteams can investigate only half the security alerts they receive on a given day.” This is where the Threat Analyzer provides a remedy and relieves the security team of routine work!

The newly introduced Threat Analyzer allows comprehensive threat management and risk analysis of e-mails who have been submitted by users using the Phishing Incident Plugin for MS-Outlook. The LUCY Risk Score calculated by the LUCY Server is a world-novelty. For the first time, internal databases and IT security rules are combined with external threat information. The world’s first multi-level analysis algorithm of the suspicious e-mails allows the calculation of a particularly meaningful key figure – the LUCY Risk Score. First, the header data of the message is inspected. This is followed by the investigation of the message body. Subsequently, the trustworthiness of the sender as well as of the dispatch route are checked and finally the internal security rules are applied. This results in a comprehensive KPI:

E-Mail Risk Score by LUCY

 

Phishing Incident Plugin for MS-Outlook available everywhere

The plugin allows an immediate response to running cyber attacks. Because it’s such a powerful and highly beneficial feature we decided to make the functionality available to all commercial editions of LUCY Server. Already for 350 dollars you have the possibility to introduce a company-wide cyber alert-system in the enterprise. And that without user limitations! Read more about our Phishing Button here.

Multi-language awareness page

Since LUCY V1.0 you have the possibility to run several language versions of the same scenario in a mock phishing campaign. Now you can do the same with your learning and training content. With that LUCY became the most multilingual solution in the market!

“Collected user data” available in reports

The data you collect during a campaign from the users is now available in the reports and the data can be exported as well for further analysis. Read more about statistical campaign data in our Wiki.

Even more new or improved Features in LUCY V 3.4 :

  • Letsencrypt autorenewal SSL
  • Campaign stats page improvement
  • Phishing Incident Plugin for MS-Outlook fixes & improvements  (completely new code)
  • New stats for portable & file-based attacks
  • Performance improvements in the frontend (Ajax settings)
  • Enable screenshots in the java plugin (dropper)
  • Other minor improvements and multiple bugfixes

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:

Update immediately to LUCY V 3.3.3

Alert! Please install V 3.3.3! Your LUCY Server needs an immediate patch.

Dear Clients,

Please install LUCY version 3.3.3 as soon as possible! It should be available in Lucy upgrade section.

 

In the case the server has running campaigns:

If you have some campaigns running, that prevent you from upgrading and you are unable to access the campaign page, you will be unable to upgrade from the UI. In order to upgrade, you will need to stop campaigns manually. That could be done by connecting to Lucy over SSH and issuing the following command under the root account:

sudo -upostgres psql phishing -c 'update campaign_scenarios set status = 0 where status = 10'

 

After the command is done, you can safely upgrade to the newest version and start (do not click RESTART: ONLY click “START | REAL ATTACK” to resume the campaign without re-sending the mails) the campaigns you previously stopped again.

 

“Stop all” Feature will come with LUCY 3.5

In the last days, we got a lot of improvement requests for this functionality. We will implement it: Starting from Lucy 3.5 you can stop all campaigns before upgrading right on the update page.

 

Should you have problems:

If you experience any problems,

  1. please open an SSH connection for our support engineer and
  2. get in contact with us.

A big sorry for the inconvenience!

Best Regards,

Oliver Muenchow & Palo Stacho

LUCY Phishing GmbH

 

Edit Apr-06-2017, 3pm (CEST)

Reason: The patch adresses an internal issue with an encryption module that is used to obfuscate LUCY code. The encryption module stopped working. As a result code (e.g. PHP) cannot be decypted anymore and results to errors when accessing certain pages (500 internal server error). After the patch, the code can be interpreted again.

The ultimate Phishing Tool and even more – LUCY V 3.3 out now!

A completely redeveloped PhishButton, Reports in Microsoft Word format, improved learning management system (LMS) functionalities: LUCY had become the ultimate Phishing Tool (and even more)! And it’s still free for up to 50 Users! Download it now.

New Version: The Phishing Tool and its training functionalities

Again, we put lot of efforts into our baby. With the feedback from our customers and we improved many existing features. Here’s the list:

Completely new Outlook Plugin / Phish Button: Starting with LUCY 3.3 the plugin is a signed MSI file and programmed as a C++/COM object. The loading time of the plugin is around 10 Milliseconds.

Reports in Microsoft Word Format – Docx: Within each campaign you will find a button that allows you to create a PDF, HTML, raw CSV and now in Version 3.3 a Word report based on a predefined *.docx template report format

New CSV reports. Export the insights you got in raw CSV format

Embedded java exploit: The JavaExploiter is a signed applet that will execute one or multiple commands and report back to LUCY

Recipient stats page improvement: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=monitor_a_campaign_statistics#see_advanced_recipient_statistics

Alternative dashboard views & actions: You can select different default views for your dashboard and starting with LUCY 3.3 you can export the dashboard info (overall stats, campaign names etc.): Ability to reschedule awareness training: Starting with LUCY 3.3 the recipient will be able to re-schedule an awareness training.

The ultimate Phishing Tool Dashboard - LUCY V 3.3 is out

New Dashboard Style available – LUCY – Phishing Tool and more

Comparison improvement: Starting with LUCY 3.3 you have advanced comparison statistics that allow you to make also trend analysis

Scheduling improvement (Timezones)  Now you have the ability to create scheduling rules based on different time zones. If you specify a longer time range you can also ensure, that mails are not sent out on weekends by selecting the according checkbox

Victim reminder: The victim reminder is a new feature that can be configured within a campaign. It allows the administrator to define, that recipients who did not click on a link, did not start a training or did not finish a training, get a reminder message send after X days (to be specified).

Automated awareness link delay (LMS): Now you can set a delay for the automated awareness email. This setting will ensure, that people within the same office will not all be informed immediately that a phishing simulation took place.

Recipient list custom fields:  You can create custom recipient fields now. You can add any new recipient attribute you want (e.g. city, gender, education etc.). Those attributes can be used for using customized statistics in LUCY (dashboard filters or raw exports).

Linking a custom Wiki / Optional manual view: By default the LUCY admin or view only user will have access to the LUCY WIKI. If you don’t want to expose the WIKI or create your own web based manual with your corporate design, you can go to the advanced settings and define a link to your manual

Even more new or improved Features in LUCY V 3.3 – The ultimate Phishing Tool:

  • Ability to install all available patches at once
  • Improved charts in reports
  • Time-based variables in message templates
  • Website copying improvement
  • Campaign recipients page improvement
  • Victim side optimizations
  • License purchase improvement
  • Improved statistics
  • Campaign blocking improvements
  • Benchmark statistics improvement
  • Ability to detect clients behind proxy
  • Awareness scheduler improvement
  • Possibility to rename fields in report
  • Timeline improvements
  • Closed JS files from unauthenticated access
  • Setup tool improvement
  • Optional custom 404 for domains
  • OpenDKIM improvements
  • Optional let’s encrypt domain check
  • IDN improvements
  • Limited view account
  • Menu adjustments

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:

Please Update to LUCY 3.2.5 (Patch)