Thursday, August 6, 2020

New Snort 3 release available on GitHub

The SNORT® development team released a new update to Snort 3 (aka Snort++) on GitHub today. 

Snort rule update for Aug. 6, 2020

Cisco Talos released the newest SNORTⓇ rule update this morning.

The latest release includes five new rules, 49 modified rules and nine new shared object rules.

Thursday's release provides expanded coverage for the vulnerabilities Cisco disclosed in its Data Center Network Manager and the AnyConnect VPN client. There is also a new rule that blocks the Ursnif malware's outbound connections to its command and control (C2) server.

Wednesday, August 5, 2020

The major differences that set Snort 3 apart from Snort 2

By Russ Combs and Jon Munshaw.

We are inching closer to the final release of Snort 3.

Snort 3.0 is a redesigned version of the SNORT® Intrusion Prevention System. It provides a superset of Snort 2.X functionality and delivers better efficacy, performance, scalability, usability and extensibility.

There are many benefits of upgrading to Snort 3 once the final release is here. In the coming weeks, we’ll be outlining many of these changes to answer users’ most burning questions and assist everyone in the transition.  

Snort 2.9.16.1 has been released

We are pleased to announce Snort 2.9.16.1, a bug fix release. First, the release notes:

Snort 2.9.16.1

New Additions
  • Added support for GCC version 10.1.1.
Improvements/Fixes
  • Added packet counters to make sure flows with one-way data don't stay pending forever.
  • Fixed potential race condition between reload and exit path.
As always, this maintenance release of Snort 2.9.16.1 is available on our Snort downloads page. For any questions, please feel free to visit our Snort-Users mailing list.

Tuesday, August 4, 2020

Snort rule update for Aug. 4, 2020

Cisco Talos released the newest SNORTⓇ rule update this morning.

The latest release includes 13 new rules, three modified rules and four new shared object rules.

Tuesday's release provides expanded coverage for the WastedLocker ransomware. This malware family recently expanded its scope, going after several high-profile targets. You can read more about WastedLocker in Talos' research post here.

Thursday, July 30, 2020

Snort rule update for July 30, 2020

The newest Cisco Talos rule release for SNORTⓇ is here.

The latest release includes 21 new rules, four new shared object rules and one modified shared object rule.

This release includes new coverage for several different malware families, including the Nanocore RAT and Gh0stRAT. There is also protection against the exploitation of a recently disclosed critical vulnerability in Cisco's Data Center Network Manager.

Tuesday, July 28, 2020

Snort rule update for July 28, 2020

This morning, Cisco Talos released a new rule update for SNORTⓇ.

The latest release includes 14 new rules and six new shared object rules.

This release includes several new rules to protect against the Hakbit ransomware attack that researchers discovered last month. Hakbit, so far, has targeted numerous organizations in Europe via phishing emails with malicious Excel files attached.

Thursday, July 23, 2020

Snort rule update for July 23, 2020

This morning, Cisco Talos released a new rule update for SNORTⓇ.

The latest release includes 30 new rules, four modified rules and seven new shared object rules.

Today's release provides coverage to protect against the Prometei botnet. Talos recently discovered this botnet mining the Monero cryptocurrency. For more information, check out all of Talos' research here.

Tuesday, July 21, 2020

Snort rule update for July 21, 2020

There is a new SNORTⓇ rule update available this morning from Cisco Talos.

The latest release includes six new rules, five modified rules and 10 new shared object rules.

Today's release continues our coverage of Microsoft Patch Tuesday. There are new rules that defend against vulnerabilities in Microsoft WalletService that the company disclosed last Tuesday.

Thursday, July 16, 2020

Snort rule update on July 16, 2020 — Additional coverage for Windows DNS vulnerability

Cisco Talos released a second rule update for SNORTⓇ on Thursday, providing additional rules to cover a critical vulnerability in Windows DNS.

Microsoft first disclosed CVE-2020-1350 on Tuesday as part of its monthly security update. Talos released one Snort rule on Tuesday to detect exploitation of this bug and has since expanded that coverage with three new rules released today. The vulnerability, a remote code execution flaw in Windows DNS Server, carries a CVSS base score of 10.0, the maximum. An unauthenticated adversary could exploit it with crafted DNS traffic to run code on an affected server and use that foothold to spread malware.