Thursday, October 18, 2018

Snort rule update for Oct. 18, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 18, 2018

The newest SNORTⓇ rule release is here from Cisco Talos. In this release, we introduced 31 new rules, three of which are shared object rules. There are also five modified rules, of which three are shared object rules.

Tuesday, October 16, 2018

Snort rule update for Oct. 16, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 16, 2018

Cisco Talos just released the newest rule set for SNORTⓇ. In this release, we introduced 31 new rules, none of which are shared object rules. There are also 30 modified rules.

Thursday, October 11, 2018

Snort 2.9.12.0 has been released

Please join us as we welcome SNORTⓇ 2.9.12.0 to the family!

Some release notes on this latest version:

New Additions

  • Parsing HTTP CONNECT to extract the tunnel IP and port information.
  • Alerting and dechunking for chunked encoding in HTTP/1.0 request and response.
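To make concrete what those two additions are about, here is an added example (my code, not part of the Snort 2.9.12.0 release and not a copy of its HTTP preprocessor logic) that extracts the tunnel host and port from a CONNECT request line and dechunks a chunked body while flagging chunked framing on an HTTP/1.0 message, which is the anomaly worth alerting on since chunked transfer coding belongs to HTTP/1.1. Both sample messages are constructed; the regex, function names and alert strings are mine.

```python
import re

# Constructed sample messages (not captured traffic and not from the Snort release notes).
CONNECT_REQUEST = (
    b"CONNECT 203.0.113.10:443 HTTP/1.1\r\n"
    b"Host: 203.0.113.10:443\r\n"
    b"\r\n"
)
CHUNKED_HTTP10_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"5\r\nhello\r\n"
    b"6;ext=1\r\n world\r\n"   # chunk extension must be ignored when sizing the chunk
    b"0\r\n\r\n"
)

# Host is either a bracketed IPv6 literal or a token without ':' or whitespace; port is 1-5 digits.
CONNECT_RE = re.compile(
    rb"^CONNECT[ \t]+(?P<host>\[[^\]]+\]|[^\s:]+):(?P<port>\d{1,5})[ \t]+HTTP/\d\.\d\r?\n"
)

def parse_connect(raw):
    """Return (host, port) for the tunnel target named in a CONNECT request line, else None."""
    m = CONNECT_RE.match(raw)
    if not m:
        return None
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        return None
    host = m.group("host").decode("ascii", "replace").strip("[]")  # drop IPv6 brackets
    return host, port

def split_message(raw):
    """Split an HTTP message into (start line, lowercase header dict, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def http_version(start_line):
    """HTTP version string ('1.0', '1.1') from either a request line or a status line."""
    for token in start_line.split():
        if token.startswith(b"HTTP/"):
            return token[5:].decode("ascii", "replace")
    return None

def dechunk(body):
    """Decode a chunked body. Returns (decoded bytes, list of alerts for malformed framing)."""
    out = bytearray()
    alerts = []
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            alerts.append("truncated chunk-size line")
            break
        size_field = body[pos:eol].split(b";", 1)[0].strip()  # strip chunk extensions
        try:
            size = int(size_field, 16)
        except ValueError:
            alerts.append("non-hex chunk size")
            break
        pos = eol + 2
        if size == 0:
            break  # last chunk; trailers are not inspected here
        chunk = body[pos:pos + size]
        if len(chunk) < size:
            alerts.append("truncated chunk data")
            break
        out += chunk
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            alerts.append("missing CRLF after chunk data")
            break
        pos += 2
    return bytes(out), alerts

def inspect_message(raw):
    """Dechunk when Transfer-Encoding says chunked and flag chunked framing on an HTTP/1.0 message."""
    start, headers, body = split_message(raw)
    version = http_version(start)
    alerts = []
    te = headers.get(b"transfer-encoding", b"").lower()
    if b"chunked" in te:
        if version == "1.0":
            alerts.append("chunked encoding in HTTP/1.0 message")  # chunked framing is an HTTP/1.1 feature
        body, chunk_alerts = dechunk(body)
        alerts.extend(chunk_alerts)
    return {"version": version, "body": body, "alerts": alerts}

if __name__ == "__main__":
    print(parse_connect(CONNECT_REQUEST))
    print(inspect_message(CHUNKED_HTTP10_RESPONSE))
```

The dechunker keeps going only while the framing is well-formed and records an alert at the first malformed size line, short chunk or missing CRLF, which is the point at which an IDS has to decide whether to stop trusting its reassembled view of the body.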

Snort 2.9.11.0 end of life warning

SNORTⓇ subscribers, as many of you may have noticed, we've been keeping Snort version releases around a lot longer over the past couple of years.

We are currently working on revising our end of life (EOL) policy to take into account a mix of time and market share. Essentially, we will begin to shut down versions of Snort that make up less than 10 percent of our downloads or have been around for five years, whichever comes first. More details will be released about this soon.

Snort rule update for Oct. 11, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 11, 2018

Today, Cisco Talos released the newest rule update for SNORTⓇ. In this release, we introduced 67 new rules, none of which are shared object rules. There are also four modified rules.

This release contains coverage for several Adobe vulnerabilities, including bugs in Flash Player, Acrobat and Reader.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, deleted, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, os-linux, os-other, os-windows, protocol-dns, pua-adware, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats.

Tuesday, October 9, 2018

Snort rule update for Oct. 9 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Oct. 9, 2018

The newest SNORTⓇ rule set from Cisco Talos is here, covering the numerous vulnerabilities disclosed as part of Microsoft Patch Tuesday.

In this release, we introduced 29 new rules, of which four are shared object rules. There are no modified rules.

If you would like to know more about the monthly security update from Microsoft, visit the Talos blog here.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2010-3190: A coding deficiency exists in MFC that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 18619 through 18623 and 18625 through 18629.

Microsoft Vulnerability CVE-2018-8333: A coding deficiency exists in Microsoft Filter Manager that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48055 through 48056.

Microsoft Vulnerability CVE-2018-8411: A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48057 through 48058.

Microsoft Vulnerability CVE-2018-8413: A coding deficiency exists in Microsoft Windows Theme API that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48059 through 48060.

Microsoft Vulnerability CVE-2018-8423: A coding deficiency exists in Microsoft JET Database Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 47885 through 47888.

Microsoft Vulnerability CVE-2018-8453: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48072 through 48073.

Microsoft Vulnerability CVE-2018-8460: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48045 through 48046.

Microsoft Vulnerability CVE-2018-8486: A coding deficiency exists in DirectX Graphics Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48047 through 48048.

Microsoft Vulnerability CVE-2018-8491: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48049 through 48050.

Microsoft Vulnerability CVE-2018-8492: A coding deficiency exists in Microsoft Device Guard that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48062 through 48063.

Microsoft Vulnerability CVE-2018-8495: A coding deficiency exists in Microsoft Windows Shell that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48053 through 48054.

Microsoft Vulnerability CVE-2018-8505: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48051 through 48052.
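The SID statements above are the operational part of the release: what a defender wants to know is whether those rules are present and enabled in the local rule set. The following added script (my code, not Talos's; the release-note excerpt is copied from the post above, while the rules excerpt is constructed with placeholder rule bodies and is not the subscriber rule set) parses the "GID n, SIDs a through b" statements into a CVE-to-SID map and checks it against a rules file, reporting per CVE which SIDs are enabled, commented out, or absent. The function names and the report layout are mine.

```python
import re

# Excerpt of the release text above; only the CVE and SID statements are needed.
RELEASE_TEXT = """
Microsoft Vulnerability CVE-2010-3190: A coding deficiency exists in MFC that may lead to remote code execution.
Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 18619 through 18623 and 18625 through 18629.
Microsoft Vulnerability CVE-2018-8333: A coding deficiency exists in Microsoft Filter Manager that may lead to an escalation of privilege.
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48055 through 48056.
"""

# Constructed local rules excerpt. Rule headers and options are placeholders, not Talos rules;
# GID 3 is the GID Snort uses for shared object rule stubs, included to show that GID is part of the key.
LOCAL_RULES = """
# constructed rules file excerpt
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed rule A"; sid:48055; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed rule B"; sid:48056; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed rule C"; gid:1; sid:18619; rev:5;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed SO stub"; gid:3; sid:18620; rev:1;)
"""

CVE_RE = re.compile(r"\b(CVE-\d{4}-\d{4,})\b")
SIDS_RE = re.compile(r"GID (\d+), SIDs ([^.]+)\.")
RANGE_RE = re.compile(r"(\d+)(?: through (\d+))?")
RULE_SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
RULE_GID_RE = re.compile(r"\bgid:\s*(\d+)\s*;")
RULE_ACTIONS = ("alert", "drop", "log", "pass", "reject", "sdrop")

def parse_release(text):
    """Map each CVE named in the release text to the set of (gid, sid) pairs stated for it."""
    coverage = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CVE_RE.search(line)
        if line.startswith("Microsoft Vulnerability") and m:
            current = m.group(1)
            coverage.setdefault(current, set())
            continue
        m = SIDS_RE.search(line)
        if m and current:
            gid = int(m.group(1))
            for lo, hi in RANGE_RE.findall(m.group(2)):
                lo = int(lo)
                hi = int(hi) if hi else lo  # a bare SID is a range of one
                coverage[current].update((gid, sid) for sid in range(lo, hi + 1))
    return coverage

def parse_rules(text):
    """Map (gid, sid) -> True for an active rule, False for one that is commented out."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = not line.startswith("#")
        body = line.lstrip("# ")
        if not body.startswith(RULE_ACTIONS):
            continue  # an ordinary comment, not a disabled rule
        m = RULE_SID_RE.search(body)
        if not m:
            continue
        g = RULE_GID_RE.search(body)
        gid = int(g.group(1)) if g else 1  # Snort defaults gid to 1 when absent
        state[(gid, int(m.group(1)))] = enabled
    return state

def check_coverage(release, rules):
    """Per CVE, list the SIDs that are enabled, commented out, or missing from the rules file."""
    report = {}
    for cve, ids in release.items():
        report[cve] = {
            "enabled": sorted(sid for gid, sid in ids if rules.get((gid, sid)) is True),
            "disabled": sorted(sid for gid, sid in ids if rules.get((gid, sid)) is False),
            "missing": sorted(sid for gid, sid in ids if (gid, sid) not in rules),
        }
    return report

def run():
    return check_coverage(parse_release(RELEASE_TEXT), parse_rules(LOCAL_RULES))

if __name__ == "__main__":
    for cve, r in run().items():
        print(cve, r)
```

Point the two text constants at the real release notes and your own rules file to use it; a SID listed as "missing" is the case to chase first, since a commented-out rule can at least be re-enabled, while an absent one means the rule set update has not landed.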

Talos has also added and modified multiple rules in the browser-ie, file-executable, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats.

Thursday, October 4, 2018

Snort rule blog post for Oct. 4, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 4, 2018

Cisco Talos just released the newest SNORTⓇ rule set. In this release, we introduced 46 new rules, three of which are shared object rules. There are also 22 modified rules.

This release covers additional Adobe Acrobat and Reader vulnerabilities that were disclosed on Oct. 1. The Snort rule release from earlier this week also addressed some of these bugs. Talos specifically discovered CVE-2018-12852, a remote code execution flaw in Acrobat that could allow an attacker to manipulate the victim machine's memory and execute code.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-multimedia, file-other, file-pdf, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats.