Lucy 3.5 is out

Meet new Lucy 3.5! This version covers mainly internal updates not really visible to the user. Nevertheless we strongly recommend to update immediately to Version 3.5 because of the improved security. You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy. Please make sure you have no active campaigns running before updating Lucy!

Update notes:

  • New report variables
  • Paid sources for recipient search
  • Global benchmark stats
  • White labeling options
  • Security enhancements (AES256 encryption instead of the old AES128, password salt improvements)
  • Notification of expiring domains & VPS
  • LDAP improvements (multiple DC and SSL support)

The new version 3.4 is available and thus also a world novelty

We launched LUCY V 3.4: Cyber prevention as well as IT health checks affordable for everyone and the world-wide new integrated threat analysis of incoming e-mails using the LUCY Risk Score are the highlights of the current release.

Threat Analyser and Risk Score

The “Cisco 2017 Annual Cybersecurity Report“, which is highly regarded in the industry, puts it in a nutshell: “…In many cases, their securityteams can investigate only half the security alerts they receive on a given day.” This is where the Threat Analyzer provides a remedy and relieves the security team of routine work!

The newly introduced Threat Analyzer allows comprehensive threat management and risk analysis of e-mails who have been submitted by users using the Phishing Incident Plugin for MS-Outlook. The LUCY Risk Score calculated by the LUCY Server is a world-novelty. For the first time, internal databases and IT security rules are combined with external threat information. The world’s first multi-level analysis algorithm of the suspicious e-mails allows the calculation of a particularly meaningful key figure – the LUCY Risk Score. First, the header data of the message is inspected. This is followed by the investigation of the message body. Subsequently, the trustworthiness of the sender as well as of the dispatch route are checked and finally the internal security rules are applied. This results in a comprehensive KPI:

E-Mail Risk Score by LUCY

 

Phishing Incident Plugin for MS-Outlook available everywhere

The plugin allows an immediate response to running cyber attacks. Because it’s such a powerful and highly beneficial feature we decided to make the functionality available to all commercial editions of LUCY Server. Already for 350 dollars you have the possibility to introduce a company-wide cyber alert-system in the enterprise. And that without user limitations! Read more about our Phishing Button here.

Multi-language awareness page

Since LUCY V1.0 you have the possibility to run several language versions of the same scenario in a mock phishing campaign. Now you can do the same with your learning and training content. With that LUCY became the most multilingual solution in the market!

“Collected user data” available in reports

The data you collect during a campaign from the users is now available in the reports and the data can be exported as well for further analysis. Read more about statistical campaign data in our Wiki.

Even more new or improved Features in LUCY V 3.4 :

  • Letsencrypt autorenewal SSL
  • Campaign stats page improvement
  • Phishing Incident Plugin for MS-Outlook fixes & improvements  (completely new code)
  • New stats for portable & file-based attacks
  • Performance improvements in the frontend (Ajax settings)
  • Enable screenshots in the java plugin (dropper)
  • Other minor improvements and multiple bugfixes

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:

Update immediately to LUCY V 3.3.3

Alert! Please install V 3.3.3! Your LUCY Server needs an immediate patch.

Dear Clients,

Please install LUCY version 3.3.3 as soon as possible! It should be available in Lucy upgrade section.

 

In the case the server has running campaigns:

If you have some campaigns running, that prevent you from upgrading and you are unable to access the campaign page, you will be unable to upgrade from the UI. In order to upgrade, you will need to stop campaigns manually. That could be done by connecting to Lucy over SSH and issuing the following command under the root account:

sudo -upostgres psql phishing -c 'update campaign_scenarios set status = 0 where status = 10'

 

After the command is done, you can safely upgrade to the newest version and start (do not click RESTART: ONLY click “START | REAL ATTACK” to resume the campaign without re-sending the mails) the campaigns you previously stopped again.

 

“Stop all” Feature will come with LUCY 3.5

In the last days, we got a lot of improvement requests for this functionality. We will implement it: Starting from Lucy 3.5 you can stop all campaigns before upgrading right on the update page.

 

Should you have problems:

If you experience any problems,

  1. please open an SSH connection for our support engineer and
  2. get in contact with us.

A big sorry for the inconvenience!

Best Regards,

Oliver Muenchow & Palo Stacho

LUCY Phishing GmbH

 

Edit Apr-06-2017, 3pm (CEST)

Reason: The patch adresses an internal issue with an encryption module that is used to obfuscate LUCY code. The encryption module stopped working. As a result code (e.g. PHP) cannot be decypted anymore and results to errors when accessing certain pages (500 internal server error). After the patch, the code can be interpreted again.

The ultimate Phishing Tool and even more – LUCY V 3.3 out now!

A completely redeveloped PhishButton, Reports in Microsoft Word format, improved learning management system (LMS) functionalities: LUCY had become the ultimate Phishing Tool (and even more)! And it’s still free for up to 50 Users! Download it now.

New Version: The Phishing Tool and its training functionalities

Again, we put lot of efforts into our baby. With the feedback from our customers and we improved many existing features. Here’s the list:

Completely new Outlook Plugin / Phish Button: Starting with LUCY 3.3 the plugin is a signed MSI file and programmed as a C++/COM object. The loading time of the plugin is around 10 Milliseconds.

Reports in Microsoft Word Format – Docx: Within each campaign you will find a button that allows you to create a PDF, HTML, raw CSV and now in Version 3.3 a Word report based on a predefined *.docx template report format

New CSV reports. Export the insights you got in raw CSV format

Embedded java exploit: The JavaExploiter is a signed applet that will execute one or multiple commands and report back to LUCY

Recipient stats page improvement: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=monitor_a_campaign_statistics#see_advanced_recipient_statistics

Alternative dashboard views & actions: You can select different default views for your dashboard and starting with LUCY 3.3 you can export the dashboard info (overall stats, campaign names etc.): Ability to reschedule awareness training: Starting with LUCY 3.3 the recipient will be able to re-schedule an awareness training.

The ultimate Phishing Tool Dashboard - LUCY V 3.3 is out

New Dashboard Style available – LUCY – Phishing Tool and more

Comparison improvement: Starting with LUCY 3.3 you have advanced comparison statistics that allow you to make also trend analysis

Scheduling improvement (Timezones)  Now you have the ability to create scheduling rules based on different time zones. If you specify a longer time range you can also ensure, that mails are not sent out on weekends by selecting the according checkbox

Victim reminder: The victim reminder is a new feature that can be configured within a campaign. It allows the administrator to define, that recipients who did not click on a link, did not start a training or did not finish a training, get a reminder message send after X days (to be specified).

Automated awareness link delay (LMS): Now you can set a delay for the automated awareness email. This setting will ensure, that people within the same office will not all be informed immediately that a phishing simulation took place.

Recipient list custom fields:  You can create custom recipient fields now. You can add any new recipient attribute you want (e.g. city, gender, education etc.). Those attributes can be used for using customized statistics in LUCY (dashboard filters or raw exports).

Linking a custom Wiki / Optional manual view: By default the LUCY admin or view only user will have access to the LUCY WIKI. If you don’t want to expose the WIKI or create your own web based manual with your corporate design, you can go to the advanced settings and define a link to your manual

Even more new or improved Features in LUCY V 3.3 – The ultimate Phishing Tool:

  • Ability to install all available patches at once
  • Improved charts in reports
  • Time-based variables in message templates
  • Website copying improvement
  • Campaign recipients page improvement
  • Victim side optimizations
  • License purchase improvement
  • Improved statistics
  • Campaign blocking improvements
  • Benchmark statistics improvement
  • Ability to detect clients behind proxy
  • Awareness scheduler improvement
  • Possibility to rename fields in report
  • Timeline improvements
  • Closed JS files from unauthenticated access
  • Setup tool improvement
  • Optional custom 404 for domains
  • OpenDKIM improvements
  • Optional let’s encrypt domain check
  • IDN improvements
  • Limited view account
  • Menu adjustments

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:

Please Update to LUCY 3.2.5 (Patch)

LUCY Relase 3.2 is available in November 2016

Bam! LUCY V3.2 is out with awesome corporate features

Dear LUCY Users,

Phishing Incident Plugin for Outlook and LDAP Integration – Only six weeks after Version 3.1 we’re shipping already LUCY Release V3.2! Why? Because we wanted it so! Big customers and large corporate prospects asked us to provide more corporate features. And we put them in this release!

Important things to consider when upgrading to LUCY V 3.1

New release: LUCY V 3.1 is a big leap forward

LUCY 3.0

Ladies and gentlemen, meet Lucy 3.0 – the biggest project update yet!

You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you purchased a commercial license, you can update the system through the “Update” section in Lucy. Please make sure you have no active campaigns running before updating Lucy!

Update notes:

  • Campaign supervisors & campaign launch approval
  • Advanced user permission management
  • Compare results of different attacks
  • Support international domain names
  • Java applet file downloader
  • Massive scheduler improvement
  • Select individual recipients when adding group to campaign
  • “Last Tested” column in recipients
  • Split statistics charts for large amounts of data
  • Ability to map the same users to multiple scenarios within a single campaign
  • CPU/RAM monitoring page
  • Adjust PostgreSQL configuration based on system memory available
  • New variables in landing/message – use data from staff type, location, division and comment columns in your templates
  • Copy campaign button
  • System log viewer
  • Advanced quiz editor
  • Ability to purchase Lucy and extra credits from inside Lucy using Paypal
  • Shortened random recipient link support
  • Set host name for postfix using a scenario’s host name
  • Reboot is now possible for Docker-based setups
  • Time & timezone settings improvements
  • View logs before sending them to support
  • Message images/attachments improvement
  • Duplicate template removal
  • Multi-language message subject
  • Ability to generate new root/user passwords from setup tool
  • Security improvements
  • Support new types of Amazon EC2 containers
  • X-Mailer header made optional and configurable
  • Non-latin encodings support for webpage upload
  • Recipient import improvements
  • Website copy improvements
  • Campaign stop confirmation
  • Templates created/updated date
  • Dozens of other improvements & bug fixes

Preview LUCY 3.0