Wednesday, January 22, 2020

Snort rule update for Jan. 22, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains seven new rules, six modified rules and 16 new shared object rules.

This rule update primarily covers a series of vulnerabilities Cisco disclosed in several of its products, including Firepower Management Center, Smart Software Manager and the IOS XR software.

Area Under Construction: Snort documentation is getting a facelift


By Kri Dontje.

Changes will be popping up all over Snort.org to bring better support to every aspect of the Snort user experience. What sort of new things are coming?

  • Added context information and a new look for Snort rule documentation.
  • Reorganized and updated documentation.
  • Elasticsearch.
  • A surprise of the multi-media variety!

As these changes go into effect, Snort.org may experience growing pains. In particular, the search function will be limited for a few days during the change-over. Pardon the inconvenience over the next week or so while we change the Elasticsearch indexes.

After our updates are complete, we’ll keep you posted about the new features and go over where to find them.

Thursday, January 16, 2020

Snort rule update for Jan. 16, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 12 new rules, two modified shared object rules and 103 modified rules.

The latest rule update provides new coverage for several different malware families, including Whiteshadow, the Remcos botnet and a variant of the AgentTesla malware.

Tuesday, January 14, 2020

Snort rule update for Jan. 14, 2020: Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 22 new rules and five modified rules.

Thursday, January 9, 2020

Snort rule update for Jan. 9, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 26 new rules, six modified rules and five new shared object rules.

The latest rule update provides several new protections against the ZeroCleare malware, a data-wiping attack recently deployed on an oil refinery in the Middle East. There is also new coverage for a variant of the Mirai botnet.

Tuesday, January 7, 2020

Snort rule update for Jan. 7, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains two new rules, both of which provide protection against the Xpert remote access tool.

Monday, January 6, 2020

Snort 2.9.15.1 has been released

We just released a minor Snort bug-fix update, version 2.9.15.1. Take a look at the release notes below for more information:

2019-12-15 - Snort 2.9.15.1

New Additions

  • Added support for glibc version 2.30.

Improvements/Fix

  • Fixed Snort core seen during SSL re-configuration.
  • Fixed file access issues on files from SMB share.

Special thanks for this release go out to David Binderman for the reporting of an issue.

As always, feedback on this release and any other release may be sent to the Snort mailing lists.

You may download this latest version of Snort from our downloads site.

Thursday, December 19, 2019

Snort rule update for Dec. 19, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 11 new rules, six shared object rules and 26 modified rules.

This rule set provides protection against the exploitation of vulnerabilities in Adobe Photoshop, OpenSSL, Adobe Acrobat, and Cisco Smart Install.

Cisco's annual winter shutdown begins next week. As a result, we'll be taking two weeks off from posting these rule updates to the Snort blog. For new rule updates, keep an eye on the Snort Advisories page.

Tuesday, December 17, 2019

Snort version EOL update

As a reminder, we are preparing to EOL the following versions of Snort rules on Dec. 18:

  • 2.9.9.0
  • 2.9.12.0

We had originally intended to EOL Snort version 2.9.11.1 as well. However, there are external third-party vendors that are on 2.9.11.1 and, because of their development cycle, can't upgrade just yet, so it's going to hang around while our third-party ecosystem is given a chance to upgrade.

We are also planning on releasing bug fix 2.9.15.1 (tentatively) on Dec. 19, followed by a larger release of 2.9.16.0 in April 2020 (tentatively).

We have been watching the number of downloads of these versions on a week-to-week basis since September. While the raw number of downloaders has been decreasing (alongside a drastic uptick in downloaders of 2.9.14.1 and 2.9.15.0), there are still about 42,000 users on those two versions, so we urge everyone on those two versions to upgrade as soon as possible.

Thanks everyone! Happy upgrading.

Snort rule update for Dec. 17, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 34 new rules and 22 modified rules.

This ruleset provides protection against the recently discovered Zeppelin ransomware attack, which we will highlight below.