Tuesday, June 25, 2019

Snort rule update for June 25, 2019

Just released:
Snort Subscriber Rule Set Update for June 19, 2019

Cisco Talos released the latest SNORTⓇ rule set this morning. This release includes five new rules, two shared object rules and two modified rules.

This release provides protection from a recent Netwire variant spotted in the wild. Attackers have been delivering the malware through a zero-day vulnerability in the Mozilla Firefox web browser. Rules 50498 and 50500 prevent Netwire from downloading its final payload.

There were no changes made to the snort.conf in this release.

Thursday, June 20, 2019

Snort rule update for June 19, 2019

Just released:
Snort Subscriber Rule Set Update for June 19, 2019

Cisco Talos released the latest SNORTⓇ rule set overnight. This release includes 24 new rules, 10 of which are shared object rules. There are also four modified rules, two of which are shared object rules.

This release provides coverage for several vulnerabilities Cisco recently disclosed in its Prime Service Catalog and some RV routers. Several different models of RV routers contain bugs in their web-based interface that could allow malicious actors to carry out denial-of-service attacks.

There were no changes made to the snort.conf in this release.

Tuesday, June 18, 2019

Snort rule update for June 18, 2019

Just released:
Snort Subscriber Rule Set Update for June 18, 2019

Cisco Talos released the latest SNORTⓇ rule set today. This release includes 12 new rules and 10 modified, none of which are shared object rules.

This release provides protection against the new HiddenWasp malware, which has been spotted in the wild targeting Linux systems. This attack shares similarities with other, previous Linux malware. Researchers believe some of the code may have even copy and pasted from other actors.

There were no changes made to the snort.conf in this release.

Thursday, June 6, 2019

Snort rule update for June 6, 2019

Just released:
Snort Subscriber Rule Set Update for June 6, 2019

Cisco Talos released the latest SNORTⓇ rule set today. This release includes 46 new rules, two of which are shared object rules. There are no modified rules in this release.

In this release, we have new protections for a series of serious vulnerabilities in the Kace K1000 systems management appliance from Quest, as well as bugs in VMware.

There were no changes made to the snort.conf in this release.

Tuesday, June 4, 2019

Snort rule update for June 4, 2019

Just released:
Snort Subscriber Rule Set Update for June 4, 2019

Cisco Talos released the latest SNORTⓇ rule set today. This release includes 19 new rules, two of which are shared object rules. There are also two modified shared object rules.

This release provides coverage for a vulnerability in a popular WordPress plugin that's being exploited in the wild by attackers to inject malicious JavaScript into sites. There's also protection against a recently patched bug in Apple WebKit.

There were no changes made to the snort.conf in this release.

Tuesday, May 28, 2019

Snort rule update for May 28, 2019

Just released:
Snort Subscriber Rule Set Update for May 28, 2019

Cisco Talos released the latest SNORTⓇ rule set today. This release includes 46 new and five modified rules, none of which are shared object rules.

This release provides coverage for several vulnerabilities in Adobe Acrobat Reader, which Adobe disclosed earlier this month as part of their monthly security update. There is also coverage for a recently disclosed privilege escalation zero-day vulnerability in Windows Installer.

There were no changes made to the snort.conf in this release.

Thursday, May 23, 2019

Snort rule update for May 23, 2019

Just released:
Snort Subscriber Rule Set Update for May 23, 2019

Cisco Talos released the latest SNORTⓇ rule set today. This release includes 29 new and 27 modified rules, none of which are shared object rules.

This release provides coverage for JasperLoader, a malware loader we've reported on several times. Most recently, we discovered JasperLoader being used in targeted attacks against users in Italy.

There were no changes made to the snort.conf in this release.

Tuesday, May 21, 2019

Snort rule update for May 20, 2019

Just released:
Snort Subscriber Rule Set Update for May 20, 2019

Last night, Cisco Talos released the latest SNORTⓇ rule set. This release includes 18 new rules, three of which are shared object rules. There are also eight modified rules.

This release includes coverage for indicators associated with CVE-2019-0708, a remote code execution vulnerability in Microsoft Remote Desktop Services — formerly known as Terminal Services. This is a highly publicized vulnerability from Microsoft, which the company disclosed last week as part of its monthly security update. The vulnerability is wormable, meaning future malware that exploits this bug could spread from system to system.

There were no changes made to the snort.conf in this release.

Thursday, May 16, 2019

Snort rule update for May 16, 2019

Just released:
Snort Subscriber Rule Set Update for May 16, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes seven new and modified rules, including three shared object rules each.

This release mainly provides coverage for the vulnerabilities Cisco disclosed last week in several of its products, including Prime Infrastructure and WebEx.

There were no changes made to the snort.conf in this release.

Wednesday, May 15, 2019

Entries for the Snort scholarship are now closed

Thanks to everyone who applied to our 2019 SNORTⓇ scholarship this year. Entries are now closed.

Please keep an eye on the blog here or on our Twitter account in the coming weeks, where we'll announce the winners!