Thursday, April 2, 2020

Snort rule update for April 2, 2020 — Microsoft Patch Tuesday

Apologies for the radio silence on the blog over the past few weeks. The Snort communications team was settling into a new schedule. But that doesn't mean the rule updates haven't been rolling in.

We just released a new SNORT® rule update this morning with 20 new rules, two modified rules, two modified shared object rules and 12 new shared object rules.

Today's release provides protection against the Agent Tesla malware, which recently saw a spike connected to COVID-19-related spam.

Tuesday, March 10, 2020

Snort rule update for March 10, 2020 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 22 new rules, four modified rules and one new shared object rule.

Thursday, March 5, 2020

Snort rule update for March 5, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains eight new rules, 10 new shared object rules and 292 modified rules.

This rule set primarily covers a series of vulnerabilities Cisco disclosed earlier this week in Webex Player and Webex Network Recording Player. While Cisco has already released updates for these bugs, Snort rules 53384 - 53392 provide an additional layer of protection by preventing adversaries from corrupting memory on affected devices.

Tuesday, March 3, 2020

Snort rule update for March 3, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains nine new rules and two modified rules.

This latest update primarily supplies new rules to protect against the newly discovered Mozart malware. The backdoor uses DNS to communicate with its creators and evade detection. Rules 53364 - 53373 prevent Mozart from connecting to a command and control server and downloading malicious PDFs.

Thursday, February 27, 2020

Snort rule update for Feb. 27, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains nine new rules and two modified rules.

This release primarily focuses on a new variant of Emotet. The longstanding malware has evolved to spread over WiFi connections. These new rules prevent that variant from being downloaded on your machine.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dive a little into rule writing.

Wednesday, February 26, 2020

Snort rule update for Feb. 26, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 82 new rules and eight modified rules.

This release primarily provides new coverage for two malware families: Zeroll and NetWire, the latter of which was recently associated with tax-themed spam campaigns and malicious IMG files.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dive a little into rule writing.

Tuesday, February 25, 2020

Snort rule update for Feb. 25, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 57 new rules, 12 modified rules, and 10 new shared object rules.

This rule update provides several new rules for variants in the longstanding Netwire and AZORult malware families.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dive a little into rule writing.

Monday, February 24, 2020

Learn Snort: Back to basics videos and labs


Snort is happy to launch a new (free!) video training series created by Cisco Talos covering the basic operation of Snort 2 and Snort 3. Currently available topics include installation and configuration, packet capture and logging and rule writing. Users of both Snort 2.9x and Snort 3 can use the included labs to acquire the basic skills and information for quick and easy setup of Snort and start inspecting traffic immediately.

The series is available on the newly revamped Snort Resources page, where you will also find Snort documentation, white papers, and additional tutorials and guides. Currently, the following topics are covered in the “Snort 101” videos:

  • Snort Overview - Snort 101
  • Snort 2 - Install and Config (with labs)
  • Snort 2 - Introduction to Rule Writing
  • Snort 3 - Install and Config (with labs)
  • Snort 3 - Writing Rules (with labs)
  • Snort 3 - Logging (with labs)

The training videos and labs can also be found in a playlist on the Talos YouTube channel, and on the new Resources page here.

Thursday, February 20, 2020

Snort rule update for Feb. 20, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 46 new rules and nine new shared object rules.

This rule update provides several new protections against malware we're calling "ObliqueRAT." We will be publishing details about this RAT on the Talos blog later today.

Tuesday, February 18, 2020

Snort rule update for Feb. 18, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 33 new rules, six new shared object rules and eight modified rules.

This rule update provides protection against a major new wave of malware that reportedly targeted a U.S. federal agency. Attackers are using the Syscon backdoor along with a variant of the Carrotbat malware to install malicious downloaders on victims' machines. New rules 53129 - 53144 perform various actions to prevent this malware from infecting victims and downloading any additional payloads.