Dark Reading is part of the Informa Tech Division of Informa PLC



5/7/2012
01:40 PM
Don Bailey

New Version Of CORE Impact Professional Vulnerability Assessment Tool Released

CORE Impact v12.3 allows IT professionals to proactively identify and validate client-side vulnerabilities without the need to involve end users via social engineering

Boston, MA – May 7, 2012 – CORE Security®, a leading provider of predictive security intelligence solutions, today announced major enhancements to CORE Impact® Professional – the industry’s leading commercial-grade vulnerability assessment and penetration testing software – that allow organizations to proactively test endpoints at the operating system (OS) and application levels without the need to challenge end-users through social engineering.

CORE Impact v12.3 demonstrates how network systems and devices, endpoints, web applications, wireless networks and mobile devices can be compromised by safely replicating a broad range of attacks through an extensive library of more than 2,500 commercial-grade exploits and other attack techniques developed by security researchers at CORE Labs™. Multi-staged attacks leveled by CORE Impact can deftly pivot across systems, devices and applications to reveal how chains of exploitable vulnerabilities and exposures can provide criminals with access to high-value data.

“Having the ability to actually run exploits against vulnerable devices as part of a security assurance process can provide perspective on what is really at risk, versus just theoretically vulnerable. In an integrated scenario a discovered vulnerability can be tested for exploit immediately, to either shorten the window of exposure or provide immediate reassurance,” according to Mike Rothman, President, Securosis in the recent blog post, “Vulnerability Management Evolution: Value-Add Technologies.”

New Desktop and Laptop Computer Testing Features

· Endpoint Assessment with No End-User Involvement

CORE Impact can now assess client-side applications and operating systems within Microsoft® Windows and Apple® Mac OS X-based laptop and desktop computers prior to deployment in live environments. This allows IT professionals to proactively identify and validate client-side vulnerabilities without the need to involve end-users via social engineering.

· Customizable Phishing Email Template Interface

When social engineering tests are required to assess end-user security awareness, CORE Impact 12.3 makes it easier for security professionals to customize email templates to replicate spear phishing attacks specially tailored to target the organization.

New Wireless Network Testing Features

· WPS-Enabled Device Information Gathering

CORE Impact now enables IT security teams to discover and record comprehensive information from deployed laptop and desktop computers including WiFi Protected Setup (WPS), name, model, serial number and manufacturer.

· Man-in-the-Middle (MITM) Wizard

This new feature allows users to create fake access points and perform predefined Man-in-the-Middle (MITM) tests against WiFi clients through high-interaction “honeypots.” Predefined actions can include WiFi client credential collection, redirection of clients to alternate web servers, or injection of exploits or other changes into their Internet traffic.

New Web Application Testing Features

· Certificate-Based Authentication

CORE Impact can now impersonate regular authenticated users of a web application to discover vulnerable areas that could be leveraged to compromise sensitive data and assets.

· Mobile Browser Impersonation

By impersonating mobile browsers, CORE Impact is now able to emulate the mobile experience and find vulnerabilities that are only accessible in mobile versions of web applications.

· Acunetix® Web Scanner integration

Enables users to import and validate Acunetix vulnerability scan results to identify critical, exploitable web application weaknesses. CORE Impact Pro also integrates with HP Web Inspect®, IBM AppScan®, and NTOSpider™.

New and Enhanced Vulnerability Testing Reports

· Executive

Provides IT and business executives with a single-page summary of testing activities and results in a visual format to enable them to both interpret and understand the results.

· Wellness

Reflects the completed testing results, details all exploits attempted – not just successful exploits – and provides high-level remediation suggestions.

· Vulnerability Validation

Efficiently validates resource deployment based on both industry and internal priority policies.

· Audit Mitigation

Provides data as to which vulnerabilities need to be patched or mitigated for use and review by internal and external auditor groups.

· Results Assessment

Provides a complete summary of assessment results as required for weekly, monthly or quarterly status updates of work completed.

· Attack Paths

Provides enhanced visual representation of possible attack paths leading to specific devices.

“Today’s threat landscape requires precision in vulnerability assessment and testing in order to provide IT professionals and executives alike with the confidence that their systems are secured against outside attacks and end-user mistakes. With the latest release of the industry-leading CORE Impact solution, IT professionals – for the first time – can perform comprehensive and reliable client-side tests without issuing social engineering tests on their end-user population, which can cause productivity and systems disruption,” said Milan Shah, senior vice president of Products and Engineering at CORE Security.

About CORE Impact Professional

CORE Impact Professional is the first and most comprehensive vulnerability assessment and testing software solution for proactively identifying critical information security exposures. Only CORE Impact empowers IT and security professionals to reveal the implications of Advanced Persistent Threats and other sophisticated attacks that jeopardize their organizations today. Unlike other vulnerability management solutions, CORE Impact provides customers with commercial-grade, multi-vector testing capabilities that safely replicate data breach attempts across network, client, web, mobile, and wireless environments. As a result, security teams gain actionable information for collaborating with compliance and business leaders to proactively prioritize and mitigate risk.

About CORE Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CORE Labs, the company’s innovative security research center. For more information, visit www.coresecurity.com.

Don A. Bailey is a pioneer in security for mobile technology, the Internet of Things, and embedded systems. He has a long history of ground-breaking research, protecting mobile users from worldwide tracking systems, securing automobiles from remote attack, and mitigating ...
