Government Trials Effort to Make Bug Scanning Easier
The UK’s leading cybersecurity agency has revealed details of a new initiative designed to make it easier for system administrators to root out vulnerabilities across their IT environment.
Scanning Made Easy (SME) is the work of GCHQ spin-off the National Cyber Security Centre (NCSC) and its industry collaboration initiative known as i100.
“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network. To make matters worse, even when there is a scanning script available, it can be difficult to know if it is safe to run, let alone whether it returns valid scan results,” wrote the NCSC’s vulnerability management lead, “Ollie N.”
“Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them.”
SME is designed to be as reliable and straightforward as possible, minimizing false positives, which can be a significant inconvenience for time-poor IT teams.
To do so, SME is built on a collection of scripts written using the Nmap Scripting Engine (NSE), which is based on the industry-standard Nmap network mapping tool.
“The scripts are authored by our i100 partners and conform to the NCSC Scanning Made Easy Script Developer Guidelines. These set out how the scripts should be developed, as well as what they should and should not do. A summary is included with each script that describes how it will verify the vulnerability,” the NCSC continued.
“It is important that anyone running the scripts knows what they do. Thankfully, NSE makes this transparent as the script syntax is easy to read and understand.”
The tool offers far from comprehensive coverage, but the idea is that industry collaborators will write new scripts for critical and frequently exploited vulnerabilities.
The first SME script to be released scans for several Exim message transfer agent (MTA) remote code execution vulnerabilities known as “21Nails” (CVE-2020-28017 to CVE-2020-28026).
The NCSC encouraged organizations to try SME out and develop and share their own scripts with the community.
The recent travails associated with the Log4j logging utility highlighted the problem many administrators have in finding vulnerable instances of software across their environment, especially those featuring complex open source dependencies.