KMSAT and PhishER - Email Editor Issues
Incident Report for KnowBe4
Postmortem

On Wednesday, 02/07/2024, from approximately 2:00 p.m. to Wednesday, 02/14/2024 at 7:00 p.m. (UTC), an alert message displayed when the email template editor loaded in users’ KnowBe4 console or PhishER platform.

This incident was caused when our HTML editor provider released a new version of their editor. Older versions of the editor were no longer considered secure, and as a result, the provider displayed an alert message in the editor of the KnowBe4 console and PhishER platform. Once we updated the KnowBe4 console and PhishER platform to use the latest version, the editor was considered secure and the alert message no longer displayed.

To prevent this type of issue in the future, we plan to monitor the third-party editor provider’s release notes to prepare for new version releases.

No data was lost as a result of this incident. The level of vulnerabilities for the third-party editor provider was low to moderate. We released a fix in a week, and this timeframe is in the expected remediation timeline for our SLA. For more information about our policy on vulnerability timeframes, visit Security | KnowBe4.

Posted Mar 14, 2024 - 18:07 UTC
Resolved
This incident has been resolved.
Posted Feb 14, 2024 - 18:57 UTC
Monitoring
We’ve implemented a fix for the issue in the KnowBe4 console and we’re monitoring the results to make sure no further issues occur. We’ll continue to post on our status page with any new information or updates.
Posted Feb 12, 2024 - 17:37 UTC
Update
We’ve implemented a fix for the issue in PhishER and we’re monitoring the results to make sure no further issues occur. We are working on implementing a fix for KMSAT, and we’ll continue to post on our status page with any new information or updates.
Posted Feb 08, 2024 - 20:01 UTC
Identified
We’ve identified the cause of the email editing issues some users are experiencing in their KnowBe4 consoles and PhishER platforms. We are working on implementing a fix, and we’ll continue to post on our status page with any new information or updates.
Posted Feb 07, 2024 - 20:12 UTC
This incident affected: PhishER (Console) and Kevin Mitnick Security Awareness Training (KMSAT) (Console).
Current Status Powered by Atlassian Statuspage