UpGuard Release Notes

• The Data Leaks workflow has been simplified. Now there are only 3 states for a Data Leak - Disclosed, Acknowledged, and Closed. The Closed status still includes the reason for closure (Fixed, Not a Risk, or Risk Accepted), and can be verified by an UpGuard analyst as an additional final step.
• The Documents list on the Questionnaire Details page now includes all documents relevant to the questionnaire, and whether they have been included or not. This allows users to easily see which documents have been uploaded and which have been omitted.
• Users can now include a message when requesting remediation, which will be visible to the recipient.
• Users must now include a "justification" when creating a risk waiver which will be visible to the approver, if one exists. If there is a separate approver, their justification will be shown separately.
• Score history (up to a year if the data is available) is now enabled by default for all accounts.
• There is a new action in the Actions dropdown to "Send a message" available on the Questionnaire Details screen. This prompts the user to enter a message in the Correspondence section.
• Admin users can now remove themselves from an account, as long as there is at least one other admin user on the account.
• Various bug fixes and cross-browser improvements.

We have added several major new features to the CyberRisk platform:

• Risk Waivers: Use risk waivers to accept risks and hide them from your risk profile. This is especially useful when you have compensating controls in place which you believe mitigate the risk. Currently risk waivers can be applied to risks identified with your own Internet-facing assets (your own “Web Risks” identified in BreachSight).
• Enhanced Vulnerabilities Detection: We have improved the way we detect vulnerabilities, both with your own web assets (in BreachSight), and those of your vendors (in VendorRisk). We also explicitly check for the recently discovered BlueKeep vulnerability.
• Typosquatting Detection: We have launched a new module to help you manage your typosquatting-related cyber risk. You can choose which domains you want to monitor, and then review and monitor the registered and unregistered permutations of these domains for suspicious activity. Contact UpGuard Support to arrange access.

We have made a few other changes too:

• When viewing a list of websites (“Web Risks”), you can now view as a tree to make it easier to navigate subdomains
• Various bug fixes

We have just released a new version of CyberRisk, which brings several minor enhancements and a number of bug fixes:

• Attachments now supported in-line within questionnaires, rather than all being at the end of a questionnaire. This makes it easier to correlate specific questions with evidence (documents).
• When you start monitoring a vendor, you can now apply custom labels (as well as the built-in labels).
• In VendorRisk, you can now see the date that your allocation of Instant Reports rolls over.
• Various bug fixes

• Integrations: CyberRisk now enables you to call out to external Webhooks when notifications (events) are generated. For instance, you may want to send a message to one of your internal systems whenever a new data leak is detected.
• VendorRisk - view unanswered questions: When viewing the details of a questionnaire there is now a panel which shows which questions have not been answered.
• VendorRisk - Disable “Questionnaire Marked as Complete” emails to vendors: When you mark a questionnaire as “Complete”, CyberRisk previously sent an email back to the recipients of that questionnaire, telling them you have marked it as complete. The purpose of this was to give your vendor feedback that you are satisfied with their response, and have completed the review process. Based on user feedback, this email no longer gets sent unless you explicitly activate it. This is done (by an account admin) in the “Questionnaires” tab of the “Account Settings”.
• Various bug fixes