Mondoo February 2024 Release Highlights

It may be the shortest month, but we still managed to pack a lot of great features and enhancements into Mondoo in February! We made big improvements to our vulnerability detection capabilities and experience, supercharged performance, and gave you access to more infrastructure data.

Expanded CVE detection

We added vulnerability detection for more platforms and improved existing platforms.

New Microsoft application CVE detection

Expose additional critical vulnerabilities on your workstations and servers with new application vulnerability detection for Microsoft Edge, .NET Framework, and Visual Studio Code. Mondoo automatically flags vulnerable releases on the asset's Software tab. Links to relevant CVEs and Microsoft KB advisories help you understand the risk of outdated software releases in your environment.

New Pop!_OS CVE support

Mondoo now identifies vulnerabilities in Pop!_OS, the Ubuntu-derived distribution for System76 laptops.

Improved VMware vSphere advisory & CVE detection

We expanded VMware vSphere advisory and CVE detection to ensure you always have the latest advisories and vulnerabilities flagged on both ESXi and vSphere assets.

New Ubuntu 24.04 EOL and CVE support

Mondoo now detects the end-of-life date for the upcoming Ubuntu 24.04 release as well as package CVE data. Although the Ubuntu release doesn't come out until April, we want you to be secure from day one.

Improved software vulnerability experience

Find critically outdated software faster with improvements to the Software tab for assets. New quick filter buttons let you select between OS packages and applications. Badges help you narrow down risk with EPSS/CVSS3 scores.

More source information for CVEs

For vulnerabilities that have known exploits in the wild, Mondoo now provides a link to the external citation from the CVE page.

  • For software vulnerabilities listed in the CISA Known Exploited Vulnerability (KEV) database.
  • For software vulnerabilities listed in Metasploit, Mondoo now provides a link to the Metasploit source repository.

See the top vulnerabilities for a space

Each space overview now shows the top vulnerability in the space, as determined by the ratio of impacted assets and CVSS score.

Performance

We paid extra attention to performance in February. To make sure you get the best security results without waiting, we refactored how Mondoo initiates scans, compiles CVE data, and executes the shell.

We cut large asset scan times in half! And we dramatically improved memory usage at the same time—from ~950 MB to just ~200 MB.

For some platforms, we improved performance even more:

  • GitHub organization scans are an additional 5x faster.
  • Azure subscription scans are an additional 3x faster.
  • Slack user queries for large workspaces are up to 25x faster.

New and expanded resources

This past month we added new resources and resource fields to give you access to even more asset data.

New sshd.config.blocks field

The sshd.config resource now includes a new blocks field that lets you query configuration data defined in individual SSHD match groups.

For example, suppose you have an SSHD configuration file with a match group for sftp-users:

...
X11Forwarding yes

Match Group sftp-users
X11Forwarding no
PermitRootLogin no
AllowTCPForwarding yes

Previously, the sshd.config.params field showed you both instances of the X11Forwarding configuration without the context necessary to understand where this configuration is applied:

> sshd.config.params.X11Forwarding
"no,yes"

Now, using blocks, you can see exactly which users get each configuration option:

> sshd.config.blocks { criteria params }
sshd.config.blocks: [
  0: {
    criteria: ""
    params: {
      X11Forwarding: "yes"
      ...
    }
  }
  1: {
    criteria: "Group sftp-users"
    params: {
      AllowTcpForwarding: "yes"
      PermitRootLogin: "no"
      X11Forwarding: "no"
    }
  }
]
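
The difference between the flattened view and the block-scoped view can be reproduced with a small parser. This is an added example, not Mondoo's implementation: the function names are hypothetical, and the sample input is constructed from the configuration shown above.

```python
import re

# Constructed sample, mirroring the configuration shown above.
SAMPLE = """\
# global section
X11Forwarding yes

Match Group sftp-users
    X11Forwarding no
    PermitRootLogin no
    AllowTCPForwarding yes
"""

def parse_blocks(text):
    """Split sshd_config text into blocks: the global section (criteria "")
    followed by one block per Match line, each running to the next Match."""
    blocks = [{"criteria": "", "params": {}}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A keyword is separated from its arguments by whitespace or one "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword.lower() == "match":
            blocks.append({"criteria": value, "params": {}})
        else:
            # Keywords are case-insensitive; keep every value of a repeated key.
            blocks[-1]["params"].setdefault(keyword.lower(), []).append(value)
    return blocks

def flat_view(blocks, keyword):
    """Values of `keyword` across all blocks, in file order, scoping lost."""
    return [v for b in blocks for v in b["params"].get(keyword.lower(), [])]

def effective(blocks, keyword):
    """Map each block's criteria to the value set for it: the block's own
    setting, else the global one (None means neither sets the keyword).
    sshd uses the first value it obtains for a keyword, hence [0]."""
    key = keyword.lower()
    glob = blocks[0]["params"].get(key, [None])[0]
    return {b["criteria"]: b["params"].get(key, [glob])[0] for b in blocks}
```

The per-block mapping is what an audit needs: a global `X11Forwarding yes` that only a Match block turns off still applies to every connection outside that block.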

More resource additions and improvements

Use this field...            To retrieve...
npm.packages                 NPM packages installed on an asset
cloudWatchLogsLogGroupArn    AWS CloudWatch log group ARN
expiration                   Expiration date/time for a Google Cloud pub/sub service snapshot
files                        Files in a package
cpe                          Common Platform Enumeration (CPE) identifier in Windows
resourceTypes                Specific types of resources that an AWS Config configuration recorder records
destinationType              Destination type for Amazon Virtual Private Cloud (VPC) flow log data
deliverLogsStatus            Delivery status for Amazon Virtual Private Cloud (VPC) flow log data

The guidance you need for smart security decisions

This past month we invested our time in making sure you have access to the information you need to make the most important security improvements. We made it easier to identify your patching priorities. We gave you access to more data on your assets. And we do it all faster and with less memory!

If you're not already benefiting from the security intelligence that Mondoo provides, now is a great time to start.

Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.
