fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

UK Govt Releasing Nmap Scripts to Find Unpatched Vulnerabilities

UK Govt Releasing Nmap Scripts to Find Unpatched Vulnerabilities

The United Kingdom’s National Cyber Security Centre (NCSC), the government agency that leads UK’s cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.

This is a joint effort between the NCSC and i100 (Industry 100), an initiative that brings together industry and government experts to find solutions to cybersecurity threats.

Also Read: How To Comply With PDPA: A Checklist For Businesses

The scripts, authored by i100 partners or security experts who want to share their scripts with the community, will be published on GitHub through a new project named Scanning Made Easy (SME).

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said today.

“To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them.”

Before adding new scripts to the SME collection, the NCSC will check if the following requirements are met:

  1. written for NMAP using the NMAP Script Engine (.nse).
  2. relate to one of the high priority vulnerabilities impacting the UK;
  3. conform to the metadata template;
  4. run in isolation, i.e. no dependencies and does not connect to other servers;
  5. be as close to 100% reliable in detection of vulnerable instances as is practicable, i.e. low false-positive rate;
  6. be as unintrusive (i.e. not transmit excessive network traffic) and safe as possible in the detection mechanism;
  7. be hosted on a publicly available repository or website;
  8. be made freely available under a permissive open source license;
  9. not to capture sensitive data, e.g., exposure of cyber security risk or personal;
  10. not to send data off the system upon which the script is run; and
  11. ability to write the output from the script to a file.

First SME script already released

The NCSC has already released the first SME script in collaboration with NCC Group (an i100 partner) to help admins scan for servers vulnerable to attacks using 21Nails exploits that target Exim remote code execution vulnerabilities.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

The UK government agency plans to only release new Nmap scripts for critical security vulnerabilities believed to be on top of threat actors’ target lists.

NCSC’s new SME project aims to make detecting vulnerable systems easier with the help of reliable and simple-to-use tools.

“We want SME to be as straightforward as possible to use, and also needs to be reliable. Providing a false sense of security, or false positives, doesn’t help make your systems safer, as you won’t be fixing the real security issues,” the NCSC added.

“This is why SME scripts are written using the NMAP Scripting Engine (NSE). NMAP is an industry-standard network mapping tool that has been in active development for over 20 years.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us