fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Now Lets You Disable Insecure JScript In Internet Explorer

Microsoft Now Lets You Disable Insecure JScript In Internet Explorer

Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates.

JScript is a legacy Microsoft implementation of the ECMAScript language specification in the form of an Active Scripting engine.

Adding an option to disable JScript’s execution is a huge security improvement since it allows IT admins to provide their users with a more secure browsing experience across enterprise environments where IE11 is still the web browser of choices for legacy software solutions.

“Blocking Jscript helps protect against malicious actors targeting the JScript scripting engine while maintaining user productivity as core services continue to function as usual,” Microsoft explains.

How to disable JScript

First of all, to be able to disable JScript execution in Internet Explorer you will first have to install the IE Cumulative security update released in April 2017 (or a newer one).

Also Read: The Importance Of Knowing Personal Data Protection Regulations

Additionally, before toggling off IE JScript execution on Windows 8, Windows 8.1, and Windows 10 versions 1507 up to 1709, it must be enabled using an Internet feature control key — instructions on how to configure such a key are available here.

To manually toggle off IE JScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone, you need to go through the following procedure:

  1. Click Start, click Run, type regedt32 or regedit, and then click Ok.
  2. To disable JScript execution in Internet Zone, locate the following registry subkey in Registry Editor:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\140D

    To disable JScript execution in Restricted Sites Zone, locate the following registry subkey in Registry Editor:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\140D
  3. Right-click the appropriate registry subkey, and then click Modify.
  4. In the Edit DWORD (32-bit) Value dialog box, type 3.
  5. Click OK, and then restart Internet Explorer.

After this, Internet Explorer will no longer run JScript from sites using IE legacy document modes (IE9 and earlier versions), as well as one those that are in the Internet Zone or Restricted Sites Zone.

To re-enable JScript execution for one or both security sones, you will have to set the value of the corresponding registry subkey to 0 and to restart Internet Explorer for the change to be applied.

JScript can also be blocked from executing scripts for emulated apps (including 32-bit programs running on 64-bit machines) by following the steps available in this advisory.

Also Read: The Scope Of Singapore Privacy: How We Use It In A Right Way

JScript and zero-day security vulnerabilities

Two actively exploited zero-day vulnerabilities were found in the JScript scripting engine and patched by Microsoft since September 2019.

Both of them were remote code execution (RCE) scripting engine memory corruption vulnerabilities stemming from the way the scripting engine handled objects in memory in Internet Explorer 9, 10, and 11.

CVE-2019-1367 was reported in September 2019 and CVE-2020-0674 in January 2020 by Clément Lecigne of Google’s Threat Analysis Group.

The two zero-days were actively exploited in targeted attacks and, according to Microsoft, if the currently logged on user has administrative permissions on a compromised device, attackers could take over the system after successful exploration, installing programs and manipulating data, as well as creating rogue accounts with full user rights.

Attackers could also exploit the zero-days using a maliciously crafted website that will remotely execute commands on the visitor’s computer without their knowledge or permission when visited using a vulnerable Internet Explorer version.

“Microsoft will continue to provide security updates for JScript via the latest cumulative updates for Windows 10, and Cumulative Updates for Internet Explorer 11 or Monthly Rollups for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard,” Microsoft says.

“If you have automatic updates enabled, updates will be automatically downloaded and installed on your users’ devices. If you have disabled automatic updates for your organization, you will need to check for updates and install them manually.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us