Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities

The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities. The United Kingdom’s National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them. The […]

NCSC UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities.

The United Kingdom’s National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them.

The scripts were developed by i100 (Industry 100), an initiative that promotes close collaborative working between the NCSC and 100 industry personnel.

The scripts will be published on GitHub through a project named Scanning Made Easy (SME).

“Scanning Made Easy (SME) is a joint project between the i100 and the NCSC to build a collection of NMAP Scripting Engine scripts, designed to help system owners and administrators find systems with specific vulnerabilities.” reads the description of the project.

“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network. To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them. Should you be interested in developing a script for SME, more detail can be found below on how scripts should be produced, how the NCSC will approve, publication and through life management.”

The NCSC will approve a script submitted industry partners by checking if it met the following mandatory requirements:

  1. written for NMAP using the NMAP Script Engine (.nse).
  2. relate to one of the high priority vulnerabilities impacting the UK;
  3. conform to the metadata template;
  4. run in isolation, i.e. no dependencies and does not connect to other servers;
  5. be as close to 100% reliable in detection of vulnerable instances as is practicable, i.e. low false-positive rate;
  6. be as unintrusive (i.e. not transmit excessive network traffic) and safe as possible in the detection mechanism;
  7. be hosted on a publicly available repository or website;
  8. be made freely available under a permissive open source license;
  9. not to capture sensitive data, e.g., exposure of cyber security risk or personal;
  10. not to send data off the system upon which the script is run; and
  11. ability to write the output from the script to a file.

Partners that have uploaded a script to a publicly available repository or website can contact the NCSC at https://www.ncsc.gov.uk/section/about-this-website/general-enquiries. The Agency will check the script, and once assessed notify the community and link to it.

The NCSC has already released the first SME script to allow the maintainers of the Exim email server software to address a collection of 21 vulnerabilities, dubbed 21Nails, that can be exploited by attackers to take over servers and access email traffic through them.

“We want SME to be as straightforward as possible to use, and also needs to be reliable. Providing a false sense of security, or false positives, doesn’t help make your systems safer, as you won’t be fixing the real security issues.” states the announcement published by NCSC. “This is why SME scripts are written using the NMAP Scripting Engine (NSE)NMAP is an industry standard network mapping tool that has been in active development for over 20 years.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, NMAP)

[adrotate banner=”5″]

[adrotate banner=”13″]