On March 22, the city of Atlanta was brought to its knees by a ransomware attack. CNN reported that the malicious incident affected at least five of the city’s municipal departments, effectively locking down key functions for the police, courts, and more. The attackers asked for the $51,000 ransom to be paid in the bitcoin cryptocurrency.

In February, Fortune, Wired, and other media outlets reported that hackers worked their way into automaker Tesla’s Amazon Web Services (AWS®) cloud account to mine for cryptocurrency. These so-called “cryptojacking” attacks are on the rise in concert with escalating cryptocurrency prices, prompting hackers to gain access to company networks to generate these virtual forms of tender.

Summary for all of the exploits and updates shipped to Core Impact 18.1 since its release (on Feb 14th): 14 Updates Overall 3 Remote Exploits 5 Client-Side Exploits 3 Local Exploits 3 Product Updates Here is the list of published updates:

Your business may already use an extensive cloud environment—or maybe you’re just evaluating your options for spinning up a single cloud server. Either way, this guide is your sanity check for aligning the security policies in place for your on-premise and cloud technology to protect data (and your company) from internal and external threats. Synchronized policies not only strengthen the security of data, but they also effectively enable your organization to maintain operations and prepare for regulatory audits.

“Some cloud vendors tout that systems deployed within their framework require little or no administration: You create an image with the software and applications that you want it to provide services for, spin it up in a management console, and Voila! you have an entirely new system online; with minimal cost, no hassle, little work. However, even with newer models for virtualization appearing on the horizon, this is not exactly how things are actually used today.”  

In the early 1990s the Open Software Foundation formed a committee to select and standardize a new Management Platform Toolset for and from the UNIX ecosystem. After much soul searching over a few months the OSF Management Platform never arrived. One of the committee, from the team that invented The Newcastle Connection (1980s *NIX history, go Google it) made a compelling presentation explaining why they failed. He spent the next 40 minutes wearing two hats, an exquisite red silk Chinese mandarin hat (with feather), and a green canvas guerrilla cap.

Today we're sharing how to use the customizable reports functionality available in Core Impact. In order to generate such agents, we'll use the "Network Report Generation" wizard. From the list of available reports, filter for type "spreadsheet" and select "Network Host Report". When clicking on "Duplicate" we'll get the prompt for a new report name. The new report can then be customized by selecting the "Edit" option.

It is our mission to continue to produce the most effective and efficient security products and services on the market. Today, I am happy to announce the release of Core Impact 18.1, our market leading penetration testing solution – where we put the focus on enabling user-testing and social engineering.

"I heard on the news about how some sites and mobile apps are vulnerable to Man-in-the-Middle attacks. What is a Man-In-The-Middle Attack, how does it work, and how can I protect myself?" Man-in-the-Middle (MitM) attacks are basically one website stepping in-between you and a legitimate website so that whatever you do on the legitimate website can be seen and stolen by the attacker who owns the site in the middle. There are two common ways this happens:

More than 1,800 delegates from companies around the globe converged last week in Las Vegas for Gartner’s annual Identity and Access Management (IAM) Summit. Gartner IAM is unique in that it is solely focused on identity and access management rather than covering all areas of security. 

So you’re using Core Access Assurance Suite (AAS). Maybe you’ve been using it for a while and have a routine down – but there may be ways to make your experience with this program even better. Every now and then it’s important to reassess the tools you are using to see how you can get more out of them. Today’s post is to share a few tips to help create a better user experience with the product through regular maintenance activities.

Summary of all of the exploits and updates shipped to Core Impact 2017 R2 since Sept 26th (the last Dot release):

One of the most common ways for breaches to occur is purely out of not knowing if or how it could happen. You can’t protect what you don’t know you have – or that you don’t know you have to. Here are some tips for auditing your data and putting some security action behind it.

There are many reasons to penetration test your organization – and not just to adhere to compliance protocols. Nonetheless, sometimes that’s the routine we get caught in, isn’t it? We do it just because we have to, but we don’t leverage the findings from the tests to better secure our business. Well, today’s the day we start leveraging and seeing the true value behind penetration testing. Take a look at these four ways in which you can benefit from penetration tests.

It’s not just about hiring a group of people and dubbing them as part of a Red Team. There are some important steps to ensure you are hiring the right people for the job at hand with a focused goal in mind. Here are the five key steps to build out a successful Red Team: 1. Have the Right Conditions Oftentimes when looking for jobs people are seeking a good culture-fit. A place where they are challenged and won’t become stagnant in their abilities or uninspired causing them to not reach their full potential.

Welcome to part two of our series on building a vulnerability management program. Today we go through steps three and four of our build but if you missed last week, you can catch up here. 

Things just got real for companies that need to comply with PCI requirements. Not only is PCI v3.2 mandated, the PCI Standards Security Council has issued guidance on using penetration testing as part of a vulnerability management program.

Let's talk about actual tactics you can put in place to start building or improving your vulnerability management program. 

Red Team Basics The SANS definition of a Red Team is, “a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access.”

The Equifax breach was caused by a vulnerability. The WannaCry virus exploited a vulnerability. The stories don’t seem to end but it seems like no one is talking about how to solve this problem which is: start a vulnerability management program. “Manage the vulnerabilities in my network? Sounds easy” well, not so much, but not so difficult that you shouldn’t be spending time and resources on it. This blog covers the planning and set up of vulnerability management programs. 

At the age of six, my parents were looking for ways to get me out of the house and burn some of that energy every six-year-old child has. On top of being pretty small, I grew up in a small town. So my options for youth sports were pretty limited. However, through a series of conversations, my parents decided to get me involved in the youth wrestling program. What I didn’t understand at the time, was this was the beginning of many life lessons. In today’s blog, I want to talk about a few of those lessons and how they correlate to running web application pen tests.

It is our mission to continuously provide to you a comprehensive and up-to-date penetration testing tool to meet the needs of the market. Today we are recapping the 23 total updates that have been shipped to Core Impact 2017 R2 since its release on August 14th 2017. The team has been working hard to develop these improvements in order for our users to continue to experience the maximum value from Core Impact.

*As used previously in GCN.com As governments look for more ways to reduce costs, electronic payments have become an economical method of purchase. Using credit or debit cards reduces the time it takes to receive funds, is less error-prone and makes it easier for residents to pay.

Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try and get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons.

You can have all the tools in place: firewalls, security programs, routinely updated passwords and security team members. But that still might not be enough.