Tuesday, January 16, 2018

Snort Subscriber Rule Set Update for 01/16/2018



We welcome the introduction of the newest rule release from Talos. In this release we introduced 37 new rules of which 2 are Shared Object rules and made modifications to 13 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, malware-cnc, os-other, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Thursday, January 11, 2018

Snort Subscriber Rule Set Update for 01/11/2018



We welcome the introduction of the newest rule release from Talos. In this release we introduced 12 new rules of which 0 are Shared Object rules and made modifications to 10 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: SIDs 45397, 45398, 45400, 45411, 45412


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-office, file-pdf, policy-other, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Tuesday, January 9, 2018

Snort Subscriber Rule Set Update for 01/09/2018, MSTuesday



We welcome the introduction of the newest rule release from Talos. In this release we introduced 37 new rules of which 0 are Shared Object rules and made modifications to 36 additional rules of which 1 is a Shared Object rule.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:
Microsoft Vulnerability CVE-2018-0758:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45383 through 45384.

Microsoft Vulnerability CVE-2018-0762:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45389 through 45390.

Microsoft Vulnerability CVE-2018-0769:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45376 through 45377.

Microsoft Vulnerability CVE-2018-0773:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45395 through 45396.

Microsoft Vulnerability CVE-2018-0774:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45387 through 45388.

Microsoft Vulnerability CVE-2018-0775:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45391 through 45392.

Microsoft Vulnerability CVE-2018-0776:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45378 through 45379.

Microsoft Vulnerability CVE-2018-0777:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45374 through 45375.

Microsoft Vulnerability CVE-2018-0797:
A coding deficiency exists in Microsoft Word that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 45402 through 45403.

Talos has also added and modified multiple rules in the browser-firefox, browser-ie, file-flash, file-office, file-other, file-pdf, malware-cnc, os-other, os-windows, policy-other, protocol-voip, pua-adware, server-apache, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
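A release note like the one above is only useful if the listed SIDs actually end up enabled on your sensors. The following script is an added example (not Talos or Snort project code): it parses the CVE-to-SID ranges out of two entries quoted from this release note and checks them against a constructed stand-in for a deployed rules file, reporting which SIDs are missing or commented out per CVE.

```python
import re

# Two entries quoted from the 01/09/2018 release note, embedded so this runs offline.
ADVISORY = """\
Microsoft Vulnerability CVE-2018-0758:
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45383 through 45384.

Microsoft Vulnerability CVE-2018-0797:
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45402 through 45403.
"""

# Constructed stand-in for a deployed rules file; one rule per CVE is commented out.
RULES_FILE = """\
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"sample"; sid:45383; rev:1;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"sample"; sid:45384; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"sample"; sid:45402; rev:1;)
"""

CVE_RE = re.compile(r"\b(CVE-\d{4}-\d{4,})\b")
SIDS_RE = re.compile(r"GID\s+(\d+),\s+SIDs?\s+(\d+)(?:\s+through\s+(\d+))?")
# Only uncommented "alert" rules count as enabled.
ENABLED_SID_RE = re.compile(r"^\s*alert\b.*?\bsid:\s*(\d+)\s*;", re.M)


def parse_advisory(text):
    """Map each CVE in a Talos release note to the (GID, SID) pairs that cover it."""
    coverage, cve = {}, None
    for line in text.splitlines():
        m = CVE_RE.search(line)
        if m:                       # a new "Microsoft Vulnerability CVE-...:" heading
            cve = m.group(1)
            coverage.setdefault(cve, [])
            continue
        m = SIDS_RE.search(line)
        if m and cve:               # expand "SIDs A through B" into one pair per SID
            gid, lo, hi = int(m.group(1)), int(m.group(2)), int(m.group(3) or m.group(2))
            coverage[cve].extend((gid, sid) for sid in range(lo, hi + 1))
    return coverage


def enabled_sids(rules_text):
    """SIDs of rules that are actually enabled (uncommented) in a rules file."""
    return {int(s) for s in ENABLED_SID_RE.findall(rules_text)}


def missing_coverage(coverage, enabled):
    """For each CVE, the advisory SIDs that are absent or commented out locally."""
    return {cve: [sid for gid, sid in pairs if sid not in enabled]
            for cve, pairs in coverage.items()}


if __name__ == "__main__":
    gaps = missing_coverage(parse_advisory(ADVISORY), enabled_sids(RULES_FILE))
    for cve, sids in gaps.items():
        print(cve, "missing SIDs:", sids or "none")
```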


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Friday, January 5, 2018

Snort Subscriber Rule Set Update for 01/04/2018, Release #2, Intel Vulnerabilities


We welcome the introduction of the newest rule release from Talos. In this release we introduced 12 new rules of which 0 are Shared Object rules and made modifications to 0 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Spectre and Meltdown, CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754: A design flaw exists in modern CPUs that may lead to information disclosure.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 45357 through 45368.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Thursday, January 4, 2018

Snort 2.9.11.1 has been released!


Release Notes:

2017-12-06 - Snort 2.9.11.1

New Additions


  • Added support to block portscans. In addition to tracking the scanning packets, the configured action (drop/sdrop/reject) is taken for all of the scanner's packets, which means Snort will block the packets and generate logs.
  • Added support to re-evaluate reputation after a reputation update for all flows except those that have already been blacklisted.

Improvements


  • Fixed RTP detection to follow up to two SSRC switches in each traffic direction.
  • Fixed issues related to HTTP POST header flushing: file processing is now called directly when the header is not a multipart header, and segment data is no longer split when flushing headers, avoiding an expensive copy.
  • Fixed the protocol sweep alert not triggering when a protocol scan from a single source IP has multiple destinations.
  • Fixed IP portscan detection for protocols other than ICMP, and fixed the bad fragment size event not being generated for oversized packets.
  • Changed file processing to use the raw data of PDF and SWF files for SHA calculation and Malware Cloud Lookup.
  • Fixed session matching for TCP SYN packets without the window scale option so that FTP data channels match the same rule as FTP control channels.
  • Fixed the new file inspection configuration not being applied after a Snort reload.

We'd like to thank the following Snort Community members for working with us to fix issues resolved in 2.9.11.1:

Markus Lude
BlueSky
David Binderman

You can download Snort version 2.9.11.1 from its usual location on Snort.org. Talos will be releasing the ruleset for 2.9.11.1 later today (January 4th, 2018).

As always, you can report issues with Snort via our Snort-devel mailing list, and continue discussion for users on our Snort-users mailing list.

Thanks for your support of Snort and Happy New Year!

Snort Subscriber Rule Set Update for 01/04/2018



We welcome the introduction of the newest rule release from Talos. In this release we introduced 94 new rules of which 0 are Shared Object rules and made modifications to 24 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-image, file-java, file-multimedia, file-other, indicator-compromise, malware-cnc, policy-other, server-apache, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Wednesday, January 3, 2018

Snort Subscriber Rule Set Update for 01/02/2018



We welcome the introduction of the newest rule release from Talos. In this release we introduced 2 new rules of which 0 are Shared Object rules and made modifications to 107 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!