Do your company’s employees seem like easy dupes for e-mail phishing attacks and other scams? A vulnerability-assessment tool from Core Security Technologies lets you set up automated tests to find out. Impact 7.0 lets you set up automated spear-phishing attacks and other types of e-mail-based threats, record how targeted users react to the bait, and collect the results in reports for review. It also can check users’ desktop applications for vulnerabilities and need for patch updates. “With Impact, you can model a spear-phishing attack, and find out which users will click on embedded e-mail that fools them with a ’You’ve won a vacation prize,’” says Will Aguilar, senior product manager.The vulnerability-assessment tool’s Client-Side Rapid Penetration Test offers a selection of templates to set up simulated social-engineering attacks, including a hidden Trojan horse that users might be duped into installing. The social-engineering testing component augments Impact’s vulnerability-assessment capabilities for server and desktop applications and operating systems.Impact 7.0, expected to ship by the end of August, starts at US$25,000. — Ellen Messmer, Network World (US) Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe