Thursday, July 28, 2011

VRT Rule Update for 7/28/2011

Welcome to today's rule release from the VRT. In this release we introduce 11 new rules and make modifications to 6 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist and web-client rule sets to provide coverage for emerging threats from these technologies.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Wednesday, July 27, 2011

Barnyard2 sets up a Google Group!

Greetings everyone,

The barnyard2 team wants to announce the creation of two Google groups that will be used to ease the way for users to report issues, find answers and discuss barnyard2 related topics.

barnyard2-users and barnyard2-devel.

barnyard2-users@googlegroups.com (for user problems and issues)
barnyard2-devel@googlegroups.com (for development updates, fixes, patches, comments, and more)

We strongly encourage you to join if you have any issues/comments/questions related to barnyard2.

We would also like to launch a special invitation to UI developers who are willing to improve the future of the database schema and the handling of the unified2 EXTRA_DATA event type.

Any comments or questions can also be directed to

Ian Firns firnsy@securixlive.com
Eric Lauzon beenph@gmail.com

Eager to see you around in the barn *wink wink*

Update: Here is the direct link to the barnyard2 group: http://groups.google.com/groups/dir?lnk=nhpsfg&q=barnyard2. Thanks Jason!

-The barnyard2 team.

SQueRT 0.9.0 has been released!

Big UI changes with this release.

## CHANGELOG:

* tabbed interface
* date ribbon
* CSS/JS fixes and cleanup
* Bunch of new stuff

## New pictures are here:

http://www.squertproject.org/screenshots

## Demo server:

Currently down until a new hosting provider can be found.

## You can download it here:

http://www.squertproject.org/download

--Paul Halliday

Tuesday, July 26, 2011

VRT Rule Update for 7/26/2011

Welcome to today's rule release from the VRT. In this release we introduce 31 new rules and make modifications to 6 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Oracle Database Server (CVE-2011-0799):
Oracle Database Server contains a programming error that may allow a remote, unauthenticated attacker to access data residing on an affected system. The attack vector is an SQL injection vulnerability using the Oracle Warehouse Builder User account.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 19599 and 19600.

Oracle Sun Products Suite (CVE-2011-2260):
The Oracle GlassFish Server component in the Oracle Sun Products Suite contains a programming error that may allow a remote attacker to execute a cross-site scripting attack.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 19605.

Additionally, the Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, botnet-cnc, exploit, netbios, specific-threats, spyware-put and web-client rule sets to provide coverage for emerging threats from these technologies.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Monday, July 25, 2011

Nick Moore's Webcast Slides are posted

This past week's webcast was not recorded; however, I have posted the slides for the presentation, and they are available at the Snort Webcast Series link.

I am going to try to get future webcasts recorded for easy playback; sorry for any inconvenience.

Nick's webcast was on the basics of Snort tuning, a "101" class. Nick talks about the importance of variables, rule tuning, and lots of other goodies.

Snorby 2.3.1 has been released!

Snorby 2.3.1 ships with a large number of bug fixes and design and user experience improvements. A new version of Insta-Snorby will be released later tonight, bundled with the latest versions of Snorby, OpenFPC and Snort.

Source Code: https://github.com/Snorby/snorby
Website: http://www.snorby.org

Source Changes Since 2.2.7:

# Snorby 2.3.1

* Numerous UI enhancements.

# Snorby 2.3.0 (codename: fixme)

* Backend
  * Cache logic now processes in chunks to prevent blowing the stack
  * Fixed issues with daily cache not processing when events return nil
  * Epic amounts of other bug fixes

* UI/UX
  * Admin menu moved to sub menu bar for UX reasons.
  * Changed hotkeys that conflict with Mac OS X bindings
  * Box titles now built with CSS
  * Content headers now built with CSS, and window menus now align correctly.
  * Flash message now covers only the top header.

Tuesday, July 19, 2011

VRT Rule Update for 7/19/2011

Welcome to today's rule release from the VRT. In this release we introduce 22 new rules and make modifications to 24 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, policy, spyware-put and web-php rule sets to provide coverage for emerging threats from these technologies.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Register for Nick Moore's Webcast -- Snort Monthly Webcast

Thank you for attending the webcast; the slides will be posted shortly.

Thursday, July 14, 2011

VRT Rule Update for 7/14/2011 - A Malware Update

Here is the newest rule release for today from the VRT. In this release we introduce 84 new rules and make modifications to 1 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, policy, spyware-put and web-php rule sets to provide coverage for emerging threats from these technologies.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Tuesday, July 12, 2011

VRT Rule Update for 7/12/2011, MS Tues

Here is the newest rule release for today from the VRT. In this release we introduce 23 new rules and make modifications to 5 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Microsoft Security Advisory MS11-054:
The Microsoft Windows Operating System contains a programming error that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 19467 through 19469.

Microsoft Security Advisory MS11-055:
Microsoft Visio contains a programming error that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 19465 and 19466.

Microsoft Security Advisory MS11-056:
The Microsoft Client/Server Runtime Subsystem (CSRSS) contains programming errors that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 19460 through 19464.


A complete list of new and modified rules is provided in a separate file on the Sourcefire Customer Support Site.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Saturday, July 9, 2011

VRT Rule Update for 7/7/2011

Here is the newest rule release for today from the VRT. In this release we introduce 41 new rules and make modifications to 10 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, exploit, scada, specific-threats, sql, web-cgi and web-misc rule sets to provide coverage for emerging threats from these technologies.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!

Thursday, July 7, 2011

VRT Rule Update for 7/6/2011

Here is the newest rule release for today from the VRT. In this release we introduce 3 new rules and make modifications to 26 more.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the specific-threats and web-client rule sets to provide coverage for emerging threats in these categories.

You can subscribe now to the VRT's newest rule detection functionality for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!