Tuesday, June 15, 2021

Snort 2.9.18.0 released

We released SNORTⓇ version 2.9.18.0 this afternoon. 

This version includes several bug fixes and updates to improve your Snort experience. If you haven't already, we also encourage users to upgrade to Snort 3, which includes a new rule parser and rule syntax, support for multiple packet-processing threads, and much more.

Here's a rundown of what's new in 2.9.18.0.

Snort rule update for June 15, 2021

Cisco Talos released the newest rule set for SNORTⓇ this morning.

Tuesday's rule release provides new protections against the IPsec Helper backdoor. The group behind the backdoor, known as Agrius, recently deployed a similar backdoor as part of a wiper malware campaign.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
14 01111

Thursday, June 10, 2021

Snort rule update for June 10, 2021

SNORTⓇ's latest rule release is here, courtesy of Cisco Talos.

Thursday's rule release includes several new rules to defend against the DarkSide ransomware. These rules specifically detect use of a custom command and control framework the ransomware has been known to utilize.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
14 080

Tuesday, June 8, 2021

Snort rule update for June 8, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
22152

Monday, June 7, 2021

Rule released to protect against severe VMware vulnerability that attackers are exploiting in the wild

Cisco Talos released a SNORTⓇ rule over the weekend to protect against exploitation of a severe vulnerability in VMware's vSphere Client’s Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server.

An attacker with network access to this service can exploit this vulnerability to gain remote code execution on the affected vCenter Server.

Thursday, June 3, 2021

Snort rule update for June 3, 2021

SNORTⓇ's latest rule release is here, courtesy of Cisco Talos.

Thursday's rule release includes new coverage for the Necro Python bot. Talos researchers recently discovered this bot adding new functionality to target several well-known vulnerabilities. It also added a cryptocurrency miner. Read more over on the Talos blog.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
0  0341

Tuesday, June 1, 2021

Snort rule update for June 1, 2021

Cisco Talos released the newest SNORTⓇ rule update Tuesday afternoon.

This release includes several new rules to protect against attacks from Russian Foreign Intelligence Service (SVR) cyber actors (aka APT29 and CozyBear). A joint release from U.S. intelligence organizations outlined the vulnerabilities this group uses to target many of its victims.

Here's a breakdown of everything in today's release:

Shared object rules | Modified shared object rules | New rules | Modified rules
0  0154

Thursday, May 27, 2021

Snort rule update for May 27, 2021

The newest rule set for SNORTⓇ is now available from Cisco Talos. In case you missed it, there is also a new version of Snort 3 out now.

Thursday's rule release includes new coverage to protect against the REvil ransomware, which has recently become known for targeting health care systems.

Here's a breakdown of everything in today's release:

Shared object rules | Modified shared object rules | New rules | Modified rules
46  360

Tuesday, May 25, 2021

New version of Snort 3 out now — Here are all the updates and fixes

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

Snort 3.1.5.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Snort rule update for May 25, 2021

Cisco Talos released the newest rule update for SNORTⓇ on Tuesday morning. This release comes alongside the newest update for Snort 3, version 3.1.5.0.

Here's a breakdown of everything in today's release:

Shared object rules | Modified shared object rules | New rules | Modified rules
14   019