Posts

New Major Release is out - LUCY V4.4 is available for download

Brand new: LUCY V4.4 and why you should upgrade to the new version!

The second release using Debian 9.5 brings significant improvements to users of the Phishing Incident button. Further the GDPR compliance is now on the highest level!

The Office 365 (c) Incident Button is now matured and the Mail and Web Filter Test feature has been polished. Further improvements and bug fixes see below.

What is the Mail and Web Filter Test?

This Email and Internet malware protection test gives you an insight at how your mail server and web proxy handles different variations of files and file types. You can thus see whether potential malicious code, such as Java files, backdoors, scripts, embedded Office Objects are detected and blocked by the filter infrastructure. Based on these results, you can then carry out targeted phishing campaign. And you know which files „go through“.

Why is the new Debian Linux version so important?

The Linux Version that we used until Lucy V4.2 stopped receiving security upgrades from the vendor, so by moving to the new version you will continue getting security updates for all software for the Operating System level until 2022. In addition, Lucy will run on more recent versions of software, and this may speed some things up.

New Major Features in Version 4.4

What improvements and new features are particularly worth mentioning? (Some with links to the LUCY Wiki)

 

 

VmWare / VirtualBox / AWS / Native Linux available

 

Other Improvements and Bug Fixes

Other Improvements / New Features

  • Improvement – Improve template menu (awareness + scenario templates)
  • Improvement – SE: Catch email replies
  • Improvement – SE: Embedded email client
  • Improvement – Recipient Statistic Improvements
  • Improvement – O365: implement features from MSI plugin (Plugin)
  • New Feature  – Campaigns and CampaignScenario tables refactoring
  • New Feature  – SE: Time tracking for landing page

 

Fixed Bugs

  1. Server – Awareness Delay bug
  2. Server – End User Portal: incorrect redirection
  3. Server – Downloaded Files: incorrect calculation
  4. Server – Test Run: Awareness email isn’t sent if delay>0
  5. Server – Pinned Campaign checkbox: UI changes
  6. Server – Resend Button (Errors): MessageJob does not start
  7. Server – Risk Assessment: highlight recommended scenarios
  8. Server – Invert-Train: trained_at isn’t updated
  9. Server – Campaign name should be unique
  10. Server – Campaign Restore: User Id cannot be blank
  11. Server – Statistic charts are displayed as “in progress” in stopped campaigns
  12. Server – Quiz stops counting answers when get 10th question
  13. Server – Campaigns: backup is displayed when apply search
  14. Server – Campaign Recipients: Distribute users over selected scenarios
  15. Server – Mail & web filter test – 500
  16. Server – Users: Admin account is changed to end user
  17. Server – Update bug 4.3 => 4.4
  18. Server – No default reputation level is displayed after successful submission
  19. Server – Users: Certificate-based login
  20. Server – PHP error
  21. Server – 500 error during import recipients
  22. Server – Invalid awareness_id when restoring awareness only company
  23. Server – 2FA: second password is sent
  24. Server – Missed column names for recipient
  25. Server – Remove `Reports`,`Campaigns` from New Client
  26. Server – X-headers are not set in forwarded emails in O365
  27. Server – Scenario Templates: download instead of release date
  28. Server – Awareness website click stats is not anonimized
  29. Server – Landing Page Editor: Close Handler nor working
  30. Server – Advanced data not anonimized
  31. Server – Incorrect training score
  32. Server – Benchmark Sector settings: top-border overlapping
  33. Server – Text after quotes will disappear after apply search
  34. Server – Quiz Scores Distribution
  35. Server – Recepients: User see `null` text in alert during deletion recipients
  36. Server – Correct text placement in ‘Awareness website’ graph
  37. Server – Incidents: the Email domain is parsed incorrectly
  38. Server – Reports: remove extra tags
  39. Server – End Users: correct succeeded users count
  40. Server – Recipients import: custom fields aren’t imported
  41. Server – Users info is not anonymized
  42. Server – Hide anonimized user data on server side
  43. Server – Campaign Wizard: error creating campaign wizard with ‘Mail & Web Filter Test’, ‘Technical Malware Test’ types
  44. Server – New scenario cannot be added
  45. Server – Portable Media Attack: Failed AJAX requests
  46. Server – LHFC: Tool is not attached
  47. Server – Data in report template is not anonymized
  48. Server – Collected data is not Anonymized
  49. Server – Hide statistic info for company with anonymous scenario
  50. Server – CampaignGroupRecipientEditJob: recipient_count isn’t updated
  51. Server – PHP notice
  52. Server – awareness website – fake anonymity statistic
  53. Server – Adapt template: Website is disabled after saving basic settings
  54. Server – Can not close BenchmarkSettingsForm
  55. Server – 404 on “opened” item
  56. Server – Attaching renamed image
  57. Server – Unable to restore from backup
  58. Server – Campaign recipient link bug
  59. Server – End users not created for the phishing campaign
  60. Server – Data in export drop down is duplicated
  61. Server – PHP notice on time/top worst
  62. Server – Reputations Level bug
  63. Server – Campaigns: Unable to delete all campaigns
  64. Server – Error creating recipient without email
  65. Server – Error saving in “Base Settings” section
  66. Server – Campaign Wizard: 500 error on create campaign ‘Training’ type
  67. Server – LDAP: users from another domain are not imported
  68. Server – Campaigns: Runtime exception of save campaign name with <>
  69. Server – Awareness: 404 on preview website for specific template
  70. Server – Campaign Wizard: the 404 page on preview template
  71. Server – SMS issue
  72. Server – “Test Run” bug in portable campaign
  73. Server – Reputation Levels buttons bug
  74. Server – Recipients import: “records of page” dropdown bug
  75. Server – Recipients import dropdown bug
  76. Server – Dynamic Domain Save Bug
  77. Server – Search field is not cleared after clearing field and click Update button
  78. Server – Migration Tool: “Campaign templates” section is not copied
  79. Server – Campaign export : table appearance issue
  80. Server – Negative rating
  81. Server – API: scenarios bug
  82. Server – Time landing Page varaibale is not shown in help
  83. Server – Individual scenarios not running
  84. Server – Bad code performance in CampaignController.actionClearSimilarErrors
  85. Server – Error uploading logs to server (error 400)
  86. Server – View Only User Bug
  87. Server – Scheduler: Run Days data validation
  88. Server – End User Line Break Issue
  89. Server – Awareness Certificate: non-english scenarios
  90. Server – Broken link in the campaign breadcrumbs
  91. Server – Recipient group creation bug
  92. Server – Mail settings bug
  93. Server – Enduser login bug
  94. Server – Add language to template
  95. Server – Report Variable: limited interval
  96. Server – Report Variable: screenshot by scenario ID
  97. Server – Reminders page: numeric UpDown fields display only one digit in Firefox
  98. Server – Forward Email bug
  99. Server – Test Run: Resend bug
  100. Server – Recipient Import from CSV: Gender column is missing
  101. Server – End User portal: password.txt
  102. Server – Copy button display bug
  103. Server – CSS bug: too long campaign name
  104. Server – Enduser when creating users
  105. Server – Permission issues
  106. Server – Advanced settings form adjustment
  107. Server – View filters bug
  108. Server – Adding recipients from search results
  109. Server – Campaigns.recipient_count bug
  110. Server – Test run affects campaign running time
  111. Server – Campaign summary design issue
  112. Server – System creates endusers for portable attacks
  113. Server – Awareness page is still accessible after campaign is stopped
  114. Server – Wrong user info in campaign stats
  115. Server – Import from CSV: Link field verification
  116. Server – Collision of victim’s links in copied campaign
  117. Server – Performance test campaign is not deleted after stop
  118. Server – Campaign overview not showing success
  119. Server – Reports: file type settings are not displayed
  120. Server – Webpage upload bug
  121. Server – Object restore id bug
  122. Server – Wrong paginator url on recipient page
  123. Server – clear-db.sh bug
  124. Server – LDAP: users who have name with brackets are not imported
  125. Outlook MSI Plugin – Outlook phish button error message when reporting mail which is in “draft”
  126. Outlook MSI Plugin – Big attachment bug
  127. Outlook 365 Plugin – Error parsing headers in O365 reports
  128. Outlook 365 Plugin – Useless function-file referenced from XML (with a wrong URL)
  129. Outlook 365 Plugin – Error for awareness reports
  130. Outlook 365 Plugin – Outlook 365 restored item bug

 

VmWare / VirtualBox / AWS / native Linux available
500 Free Recipient Credits included!

 

LUCY Software is an Security Awareness System with an integrated Learning Management System LMS and with Debian 9.5

New LUCY 4.3 brings a full blown LMS and Debian 9.5

LUCY V4.3 brings 
  1. The Learning Management System (LMS) has reached full capacity. It includes now the advanced education portal functionality for end users: This feature allows users/victims to log into Lucy on their own and track their progress over multiple campaigns/trainings
  2. A brand new Campaign Wizard
  3. 2-Factor Authentication for Lucy Users and Admins
  4. A new Training Type named Training Library: This feature introduces the ability to offer recipients a library of training materials, compiled of various awareness templates in LUCY Server
  5. The Software runs now on Debian Linux 9.5

Already at the end of September 2018 we have started the rollout of LUCY 4.3. The image is available on https://lucysecurity.com/download.

Functionality

The latest version of LUCY Server offers many interesting functional enhancements and improvements: A new wizard is available to make your first campaigns even easier. A two-factor authentication is now available for end users. Our LMS is now fully functional and has now the desired scope so that you don’t need an additional learning management system anymore. For the trainings there is now a real training portal, in which the user can manage his trainings and follow his learning progress. Especially we would like to point our new “Awareness Training Library”, where the end user can individually select his own training from a whole library of training modules. And there are even more new features worth to mention:

  • Threat analysis for endusers
  • Add attachments to PDF
  • User reputation report
  • Disk usage tracking
  • Block search engine networks from accessing Lucy
  • Incident center with Filter, Search and Sort
  • CSV, PDF export of Mail & Web Filter Test results
  • Campaign message log: search and filter

 

Linux Upgrade

The most far-reaching change is the upgrade of the operating system to Debian Linux 9.5 Stretch. This measure was necessary to ensure maintainability and to maintain system security, as this guarantees security updates for the OS until 2022.

All customers using a system hosted by LUCY have already been contacted or will be contacted directly by our support. Customers who use LUCY as VMware, VirtualBox or AWS appliance have an automated upgrade routine available for the update.

Customers who have installed LUCY natively on Debian, using a Docker container, will get an automated upgrade as well. Customers with native installations without Docker please contact our support as well. An appointment must be made to perform the manual upgrade.

Contact support in case of problems – We hope to have served with this information. If you have any problems with the upgrade, please do not hesitate to open a ticket directly at support (at) lucysecurity (dot) com. Note that no campaigns can run at the upgrade time and that the server is restarted during the upgrade.

Fixed Bugs in LUCY Software V 4.3

And we fixed a lot:

  • 4.3 Awareness Delay Bug
  • 4.3 Hyperlink Template show landing page
  • 4.3 mail and webfilter display issue
  • Admin port configuration bug
  • Annymous not working for downloads
  • Anonymisation bug fix
  • Apache: Syntax error in apache2.conf while doing graceful restart
  • API recipient-group mapping to campaign fails
  • Awareness certificate generation page
  • AwarenessCertificateJob: runs after stopping any campaign
  • Campaign comparison: recipients bug
  • Campaign Restart & Reset Stats button
  • Campaign Restart not working
  • Campaign Test Run feature: tracking clicks isn’t working in ‘Awareness only’
  • Campaign.recipient_count out of sync
  • CampaignManager.getRunning / getRunningCount bugs
  • Console Post shows empty GUI
  • Constantly running getIpJob
  • Correctly mark simulation reports for stopped campaigns
  • Divided by zero bug
  • DocX report Bug
  • Download Template: Hide Installed is ignored when Check All available is ticked
  • Download templates error
  • Download Templates: Lucy is unable to get ‘updated’ (new) templates
  • Empty report arrives if the option After I stop the campaign send me a report to.. is enabled
  • End User Profile page: available training / History gives a 404
  • Error 500 when downloading campaign template
  • Error downloading user certificate
  • Error in UI when using 2FA
  • Exception on saving Scenario settings
  • Fix awareness cert
  • Fix bug in edit scenario template
  • Fix LDAP bug
  • Fix remaining errors from QA
  • Forgot password
  • Generate Report bug: showDateTime method is missing
  • In the download links files the wrong choice of ip / domain is used
  • Incident Management: download message received by SMTP
  • LDAP cannot be deactivated
  • Lucy is unable to change timezone
  • Lucy Outlook Button: Server Address could not be resolved
  • Mail & Web test – file names bug
  • Mail and webfiltertest: not possible to rename the campaign name
  • Mail Settings resets after insatalling 4.3
  • Migration tool: bugs
  • Migration Tool: empty campaign bug
  • Modifying scheduler rule issue
  • MWF: remove options from scenario and template
  • MX check error
  • Not possible to bind recipients to a campaign
  • O365: No ‘Access-Control-Allow-Origin’ header
  • Outlook plugin download fix
  • Password recovery does not work for any user
  • PDF attachment fixes
  • Portable media attack fixes
  • Property VictimCustomFieldForm.value is not defined
  • Recipients: Copy&Delete buttons unavailable in Internet Explorer
  • Recipients: Select All > Delete leads to system failure
  • Reflective Master/Slave
  • Reminders: FATAL (Exited too quickly)
  • Remove stat fields from Campaign and CampaignScenario
  • Report: Error generating image (custom admin port)
  • Reputation levels: default icon
  • Request failed try again when saving Message Tempalate
  • Scenario Stats : Show All button
  • Scheduler: when start\end have the same time then the plan is not created
  • SCORM Export bug
  • SCORM export: language selection
  • Spoofing Test: could not resolve
  • SSL for Lucy console when custom port is used
  • Stats calculation error
  • Temporary folder bugs
  • Test Run: Email tracking breaks the campaign
  • Translation Bug fix
  • Undefined variable: ip

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality.

We’ll document everything in our LUCY – WIKI  as soon we can! Download the LUCY Anti Phishing and Cyber Crime Prevention Software below!

Oct-10th-2018

LUCY V 4.2 brings the Gmail Phish Button!

Brand new Gmail Phish Button and full functional Mail & Web Filter Test: LUCY 4.2 is available now!

New LUCY Version 4.2: The popular Phishing Incident Plugin (Phish button) is now also available for Gmail. This means that Google Mail users now also benefit from automated threat analysis. Furthermore, the web and mail filter test has reached the full configuration status. Thus the search for loopholes in web communication is done in minutes instead of days!

LUCY V 4.2 is available for download now. Besides dozens of bugfixes the following new features are available:

  • Massively improved MWF test (Mail & Web Filter Test: Which file and message types ‘go through’?)
  • New SPF CHECK & MX Check (see below)
  • New Docker configuration (behind the scenes)
  • Add a few reporting variables in awareness mail /website
  • Postfix: support TLS for outgoing messages
  • Gmail phishing button!
  • New Campaign Overview Dashboard with new filters
  • Custom image support for Outlook phishing incident plugin
  • Template editor improvement
  • Automatic invoices (details see below)
  • Outlook Phishing Button Plugin: custom image
  • Mail spoofing test (details see below)
  • New Top Navigation

 

New SPF CHECK & MX Check

1) SPF check. Half our clients spoof their own company domain as a mail sender. As many use SPF records, those mails do not arrive and client thinks LUCY does not work. Thats why we created an SPF check:

  • First: The user saves the message template in a campaign.
  • Second: Verify, if there is a mismatch of the record and LUCY’s IP.
  • If yes, tell this to the user in a popup he need to acknowledge.

This check is also added to the general checks for campaign checks.

2) MX check: When saving an attack scenario, the system checks if the MX record points to LUCY for the sender domain. This is logically wrong. The sender mail server can be different from the MX. Thats’s why we developed a new check, where LUCY verifes if any MX record exists for the domain. If not: most mail server do not accept mail domains, where no MX record exist. Thats why there’s a new popup where LUCY tells the user, that the mail wont arrive unless the used sender domain OR the LUCY-Server IP number gets whitelisted,

Mail Spoofing Test

This tool will help the company to determine, if an external attacker can spoof mails (from company mail domain TO company mail domain; example: sender is [email protected] and receiver is [email protected]).

Automatic invoices

If the user buys more credits or buys lucy, the system creates an invoice (pdf) for the user automatically. The invoices then will be archived and remain accessible to the user.

 

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.2

  • “Benchmark Based” campaigns are incorrectly distributed on benchmarks
  • “Client” field in “Incidents” not filled bug (Outlook MSI)
  • “Reset Stats” button marks campaign as Not Running
  • “Service Logs” dont display logs when selecting files in the “File” field
  • “Trying to get property of non-object” when deleting recipient group(s)
  • 404 error after updating to 4.2 when trying to use system with domain
  • Advanced Settings: Date Time & Export issues
  • After update 4.1 – 4.2: Adding a group refresh bug, After start campaign check not working, Copy webpage refresh bug
  • After update on 4.2 – endless reboot
  • Awareness certificate – checkbox “Create Awareness Certificate” bug
  • Awareness certificate file is downloaded without the use of customized styles
  • Awareness Certificate: enduser bug
  • Awareness only report summary chart bug
  • Awareness page link
  • Backup\Restore of campaign (between two different Lucy instances)
  • Campaign comparison bugs
  • Campaign recipient management bug
  • Campaign report doesnt include the content of variable %charts.analyse%
  • Campaign Restart (Reset Stats)
  • Copy Webpage: SSL Error
  • Critical reports bug (from 4.0)
  • Data for plugin cleared
  • Delete duplicate creates unspecified db error
  • Deletion all recipients bug
  • Digital Signature (error: The message contents may have been altered)
  • DKIM selector always is “mail”
  • Download Templates: Install & Replace
  • Editor 500 Bug when accessing system folder via file explorer
  • Error “Empty recipient list.” when adding selected recipients to campaign
  • Error “SMTP server not found” when using “Default Mail Settings”
  • Error 500 if Awareness Only scenario is missing
  • Error 500 when saving Whitelabel
  • Errors in the Whitelabel section
  • Fix Invoice page
  • From LDAP server only some users imported to “Users”
  • Gmail Addon: plugin page causes Error 500
  • Impossible to add recipients in a portable scenario through the campaign
  • In the download links files, the wrong choice of ip / domain is used
  • Incident stats issues
  • Info “Download files” and graphics style bug
  • Label fix
  • LDAPS connection doesn’t work
  • LetsEncrypt: replace expired certificate
  • Letter about changing status of the domain comes in German
  • Login using personal certificate issue
  • Lucy is not updated from 4.1 to 4.2
  • Messages in application log
  • No references to recipients in groups in the “Recipients” section
  • Outlook Plugin: Custom icon causes Outlook to crash
  • Recipients copy bug
  • Recipients search causes error 404
  • Remove/reinstall MSI addon bug
  • Resend Email fails with Database error
  • Scenario landing page proxy bug
  • Skipped questions bug (quiz)
  • SmtpErrorsCommand bug
  • SSL generation bug
  • Template “Health Promotion 1.1” issue
  • Templates: filenames (without spaces)
  • Time variable is not working in landing
  • Training Library: awareness links in preview mode
  • Unselected scenarios included in delayed campaign report

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!

June-12th-2018

LUCY Version 4.1 is available for download

LUCY Version 4.1 available for download

Users get certificates of attendance when they successfully complete an Awareness Training. Send signed phishing emails, extend your purchased domains and much more! Download the new Release, try the powerful Community Edition!

LUCY V 4.1 is available for download since the end of March 2018. Besides dozens of bugfixes the following new features are available:

  • Mail and Web Filter Test (Which file and message types ‘go through’?)
  • Attendance Certificate for successful trainings / Traning Diploma
  • Recommended email domains in templates
  • Digital signature in phishing emails
  • Domain renewal option
  • Scheduler randomization improvement
  • Date view options
  • Website Cloner improvements
  • XML export support
  • Export Recipient Groups
  • Reports: Table of contents improvements
  • Enduser Profile Improvements
  • Reports: Image placeholder
  • MS-Outlook / Office365© Incident Plugin improvements: configurable ribbon label, inline email forwarding options
  • Dashboard changes
  • Report: Hourly Stats default Value
  • More Whitelabeling: Change default name, copyright, logo, etc.
  • Now you can edit nearly all Text Messages or Labels!

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.1

  • Anonymous mode bug
  • Change language scenario bug
  • Click rate and success rate wrong formula
  • Display imported recipients in End Users bug
  • Fix postfix memory limit
  • LDAP import bug
  • LDAP: display list of users
  • Mail Settings Bug
  • Mixed Scenario Template doesn’t collect User Data
  • O365 – email format error
  • Plug-in for Office 365 (bugs & improvements)
  • Redis memory issue
  • Reminders bug
  • Rescheduler bug
  • Resend Awareness Email issue
  • Scheduler plan bug
  • Scheduler: Awareness Only
  • Settings Check error: Scenario Awareness Only has no recipients
  • Several recipients were not added to the schedule plan
  • URL Shortener bug
  • Use quotes in file download names everywhere

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!

Apr-2nd-2018

Lucy Version 2018 available

BAM! Introducing LUCY V4.0 with Great New Tools

Thalwil (Switzerland), Jan-25-2018 – A new Version of the best Cyberprevention and Awareness Server is available now. Download LUCY 4.0.2 (or higher) with impressive functional enhancements.

2 Highlights – First: The authoring toolkit allows the creation of individual and custom interactive training courses. Only for professional users. And second: Now you can setup individual tranings in an awareness campaign with different courses who are offered depending on the knowledge of the user (Reputation based Learning). And much more. We bundled the work streams for 3.8, 3.9 and 4.0 together because it made sense to provide a bit new major release. Our ramp-up customers already tested the release in late 2017 and the testing period was longer than usual. We just can recommend our best software ever! Download LUCY V4 or update/patch automatically to 4.0.2 or higher.

Release Notes – New Features in V 4.0

Please check our Wiki for more info on some new features:

  • Ability to enable/disable recipients
  • Advanced Export Features
  • Anonymous Mode: Stronger settings, no more reverts
  • Authoring Toolkit (Only for skilled eLearning authors)
  • Awareness report improvement
  • Benchmark and comparison report improvements
  • Campaign export page
  • Campaign summary page improvement
  • Dashboard redesign for heavy campaign users
  • Dashboard Widgets
  • Dashboard: add as much as possible space for names
  • Domain registration: New TLDs
  • Download template dialogue: Search and sorting
  • Enduser Training Portal as an individual Learning Management System
  • Extended incident reporting back to Lucy
  • Gender specific addressing
  • Improve additional groups in import
  • Incident Auto Feedback (including Email Riskscore Autoresponder)
  • Incident view improvements
  • IP whitelist
  • LDAP filter improvement
  • Log Improvements (login, logout, create/delete campaign or scenario etc.)
  • Multiple default campaign templates
  • Option for awareness results overwriting
  • Outlook plugin: Additional headers checkbox
  • Outlook plugin: configuration interface
  • Outlook plugin: custom image
  • Outlook plugin: localization support
  • Outlook Plugin: option to remove reports on Lucy emails
  • Outlook plugin: Optional additional headers support
  • Outlook plugin: suppress email option support
  • Predefined Campaign Templates
  • Recipient groups selection in schedule rule
  • Reports: Improving reporting capability (low quality of images in DOCX)
  • Reputation Based eLearning
  • Risk Assessment Campaigns
  • Scheduler randomization
  • Scorm export for Learning/Awareness Content
  • Screen locker Template – send data to server on execution
  • Threat Mitigation
  • Campaign Variables enhancements (including use variables in headers and subject)
  • User reputation in Lucy
  • User-Agent string parser doesn’t identify Windows 10 and EDGE
  • Variable buttons in editor
  • Statistics: New realtime statistics overview
  • Web proxy mode improvement
  • Website Copy: Improvements

 

LUCY Server makes cyber prevention in the form of a standardized product affordable for all.

About: LUCY Security is a Swiss company with international clientele in over than 50 countries and with more than 4000 installlations. Its product LUCY Server allows companies to perform realistic Internet attack simulations and customized awareness programs. The software is also able to run infrastructure assessments and a “Phishing Incident Plugin” empowers the user with an easy alerting mechanism in case of an real attack. Certified LUCY Partners in over a dozen countries are providing local and value added services for cyber prevention and IT-Security awareness.

LUCY Users can update their existing installation within the application by hitting ‘Update’.

Not having LUCY yet?

 

The new version 3.4 is available and thus also a world novelty

We launched LUCY V 3.4: Cyber prevention as well as IT health checks affordable for everyone and the world-wide new integrated threat analysis of incoming e-mails using the LUCY Risk Score are the highlights of the current release.

Threat Analyser and Risk Score

The “Cisco 2017 Annual Cybersecurity Report“, which is highly regarded in the industry, puts it in a nutshell: “…In many cases, their securityteams can investigate only half the security alerts they receive on a given day.” This is where the Threat Analyzer provides a remedy and relieves the security team of routine work!

The newly introduced Threat Analyzer allows comprehensive threat management and risk analysis of e-mails who have been submitted by users using the Phishing Incident Plugin for MS-Outlook. The LUCY Risk Score calculated by the LUCY Server is a world-novelty. For the first time, internal databases and IT security rules are combined with external threat information. The world’s first multi-level analysis algorithm of the suspicious e-mails allows the calculation of a particularly meaningful key figure – the LUCY Risk Score. First, the header data of the message is inspected. This is followed by the investigation of the message body. Subsequently, the trustworthiness of the sender as well as of the dispatch route are checked and finally the internal security rules are applied. This results in a comprehensive KPI:

E-Mail Risk Score by LUCY

 

Phishing Incident Plugin for MS-Outlook available everywhere

The plugin allows an immediate response to running cyber attacks. Because it’s such a powerful and highly beneficial feature we decided to make the functionality available to all commercial editions of LUCY Server. Already for 350 dollars you have the possibility to introduce a company-wide cyber alert-system in the enterprise. And that without user limitations! Read more about our Phishing Button here.

Multi-language awareness page

Since LUCY V1.0 you have the possibility to run several language versions of the same scenario in a mock phishing campaign. Now you can do the same with your learning and training content. With that LUCY became the most multilingual solution in the market!

“Collected user data” available in reports

The data you collect during a campaign from the users is now available in the reports and the data can be exported as well for further analysis. Read more about statistical campaign data in our Wiki.

Even more new or improved Features in LUCY V 3.4 :

  • Letsencrypt autorenewal SSL
  • Campaign stats page improvement
  • Phishing Incident Plugin for MS-Outlook fixes & improvements  (completely new code)
  • New stats for portable & file-based attacks
  • Performance improvements in the frontend (Ajax settings)
  • Enable screenshots in the java plugin (dropper)
  • Other minor improvements and multiple bugfixes

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:

The ultimate Phishing Tool and even more – LUCY V 3.3 out now!

A completely redeveloped PhishButton, Reports in Microsoft Word format, improved learning management system (LMS) functionalities: LUCY had become the ultimate Phishing Tool (and even more)! And it’s still free for up to 50 Users! Download it now.

New Version: The Phishing Tool and its training functionalities

Again, we put lot of efforts into our baby. With the feedback from our customers and we improved many existing features. Here’s the list:

Completely new Outlook Plugin / Phish Button: Starting with LUCY 3.3 the plugin is a signed MSI file and programmed as a C++/COM object. The loading time of the plugin is around 10 Milliseconds.

Reports in Microsoft Word Format – Docx: Within each campaign you will find a button that allows you to create a PDF, HTML, raw CSV and now in Version 3.3 a Word report based on a predefined *.docx template report format

New CSV reports. Export the insights you got in raw CSV format

Embedded java exploit: The JavaExploiter is a signed applet that will execute one or multiple commands and report back to LUCY

Recipient stats page improvement: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=monitor_a_campaign_statistics#see_advanced_recipient_statistics

Alternative dashboard views & actions: You can select different default views for your dashboard and starting with LUCY 3.3 you can export the dashboard info (overall stats, campaign names etc.): Ability to reschedule awareness training: Starting with LUCY 3.3 the recipient will be able to re-schedule an awareness training.

The ultimate Phishing Tool Dashboard - LUCY V 3.3 is out

New Dashboard Style available – LUCY – Phishing Tool and more

Comparison improvement: Starting with LUCY 3.3 you have advanced comparison statistics that allow you to make also trend analysis

Scheduling improvement (Timezones)  Now you have the ability to create scheduling rules based on different time zones. If you specify a longer time range you can also ensure, that mails are not sent out on weekends by selecting the according checkbox

Victim reminder: The victim reminder is a new feature that can be configured within a campaign. It allows the administrator to define, that recipients who did not click on a link, did not start a training or did not finish a training, get a reminder message send after X days (to be specified).

Automated awareness link delay (LMS): Now you can set a delay for the automated awareness email. This setting will ensure, that people within the same office will not all be informed immediately that a phishing simulation took place.

Recipient list custom fields:  You can create custom recipient fields now. You can add any new recipient attribute you want (e.g. city, gender, education etc.). Those attributes can be used for using customized statistics in LUCY (dashboard filters or raw exports).

Linking a custom Wiki / Optional manual view: By default the LUCY admin or view only user will have access to the LUCY WIKI. If you don’t want to expose the WIKI or create your own web based manual with your corporate design, you can go to the advanced settings and define a link to your manual

Even more new or improved Features in LUCY V 3.3 – The ultimate Phishing Tool:

  • Ability to install all available patches at once
  • Improved charts in reports
  • Time-based variables in message templates
  • Website copying improvement
  • Campaign recipients page improvement
  • Victim side optimizations
  • License purchase improvement
  • Improved statistics
  • Campaign blocking improvements
  • Benchmark statistics improvement
  • Ability to detect clients behind proxy
  • Awareness scheduler improvement
  • Possibility to rename fields in report
  • Timeline improvements
  • Closed JS files from unauthenticated access
  • Setup tool improvement
  • Optional custom 404 for domains
  • OpenDKIM improvements
  • Optional let’s encrypt domain check
  • IDN improvements
  • Limited view account
  • Menu adjustments

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below: