Friday, April 18, 2014

Interest in Starting an Eastern Pennsylvania Snort User Group!

I just posted another interested Snort User Group on the user-groups page on Snort.org.  Mr. David Chastain emailed me and was interested in starting a group and set up an email address just for it.

Please take a look at our User-Groups page, and if you are interested in joining Mr. Chastain's group or any other Snort User Group, please email the owner of the group listed on that page and let them know! Thanks!

Thursday, April 17, 2014

Sourcefire VRT Certified Snort Rules Update for 04/17/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/17/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 32 new rules and made modifications to 0 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added multiple rules in the server-other rule set to provide coverage for emerging threats from these technologies.
To subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the newest emerging threats!

Sourcefire VRT Certified Snort Rules Update for 04/17/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/17/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 14 new rules and made modifications to 14 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 30566

Avery Tarasov: 30567, 30568, 30569, 30570

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, file-identify, file-java, file-multimedia, malware-cnc, malware-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.

Tuesday, April 15, 2014

Sourcefire VRT Certified Snort Rules Update for 04/15/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/15/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 31 new rules and made modifications to 10 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov: 30543, 30544, 30545, 30546, 30547, 30548, 30550, 30551, 30552

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-multimedia, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Thursday, April 10, 2014

Sourcefire VRT Certified Snort Rules Update for 04/10/2014, HeartBleed

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/10/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 6 new rules and made modifications to 29 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, file-identify and server-other rule sets to provide coverage for emerging threats from these technologies.

Wednesday, April 9, 2014

2014 Snort Scholarship is now open!

Annually, Sourcefire provides a Snort Scholarship to two individuals selected at random (by drawing) in the amount of $5000 US for higher education purposes.

To be eligible, you must meet the legal criteria found here on our website and sign up for the scholarship here. Following that, on or about June 6, 2014, two winners will be selected.

To apply, you must go here and click on the pig image in the middle of the page! Good luck!

Tuesday, April 8, 2014

Sourcefire VRT Certified Snort Rules Update for 04/08/2014, MsTuesday, OpenSSL TLS Heartbeat

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/08/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 37 new rules and made modifications to 296 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 30481, 30482, 30483, 30484

In VRT's rule release:
OpenSSL TLS heartbeat read overrun CVE-2014-0160:
A programming error in the OpenSSL heartbeat extension exists that may
lead to information disclosure.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 30510 through 30517.

Microsoft Security Bulletin MS14-018:
Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 30497 through 30502,
and 30508 through 30509.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 24974 through 24975.

The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-firefox, browser-ie, exploit-kit, file-office and
server-other rule sets to provide coverage for emerging threats from
these technologies.