Tuesday, February 23, 2021

Snort rule update for Feb. 23, 2021

Cisco Talos released the newest rule update for SNORTⓇ on Tuesday morning.

Today's release includes multiple rules to defend against attacks from the Gamaredon threat group. Talos researchers have spotted this group carrying out multiple attacks recently that appear to be mainly motivated by stealing users' information and selling it to other threat actors. For more on this group, check out Talos' full research post.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
0223357

Monday, February 22, 2021

Snort calendar poster giveaway

Each month for the rest of this year, we'll be giving away a poster of the previous month's Snort calendar illustration. We're kicking things off with a giveaway of a Scrapple Street poster.

To enter this month's random drawing, we want you to go on Twitter and send us a picture of your favorite Snort swag. This can be anything from a T-shirt to a previous year's calendar or your favorite squishy Snorty. 

Tag us on Twitter @snort and use #SnortCal2021 by Friday, Feb. 26, at 10 a.m. ET to be entered in the drawing, and we'll select one winner at random.

By participating in this contest, you are agreeing to Twitter’s contest rules. And if you don’t win this month’s, don’t worry, you’ll have another chance in March! Sorry, no multi-time winners.

Thursday, February 18, 2021

Snort rule update for Feb. 18, 2021

The newest rule update for SNORTⓇ is here, courtesy of Cisco Talos. 

Thursday's release includes multiple rules to protect against the exploitation of a vulnerability recently identified in the VMware virtual machine software. VMware disclosed the vulnerability this week, warning an attacker could exploit it to execute shell commands on the underlying system.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
61123

Tuesday, February 16, 2021

Snort rule update for Feb. 16, 2021

Cisco Talos released the newest rule set for SNORTⓇ on Tuesday morning.

Today's update includes several rules to protect against the ObliqueRAT malware from making an outbound connection to its command and control server. Cisco Talos has documented this trojan several times. If installed, ObliqueRAT can give its operators the ability to execute arbitrary commands, exfiltrate files, drop additional payloads and terminate processes on the infected endpoint. 

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
62152

Thursday, February 11, 2021

Snort rule update for Feb. 11, 2021

Cisco Talos released the newest rule update for SNORTⓇ Thursday morning.

Today's rule update provides several new protections against the Masslogger credential-stealing malware. There is also a rule protecting against a heap buffer overflow attempt in Adobe Acrobat that Adobe disclosed earlier this week as part of its monthly security update.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
502116

Snort OpenAppID Detectors have been updated

SNORTⓇ released a new update today for the Snort OpenAppID Detector content.

This release — build 341 — includes:
  • A total of 2,926 detectors. 
  • Additional detectors from the open-source community. For more details on which contributions were included, we have added them to the "Authors" file in this package.
The release is available now on our downloads page. We look forward to users downloading and using the new features of 2.9.17.0's OpenAppID preprocessor and sharing their experiences with the community.

The OpenAppID package is also compatible with our Snort 3.x release.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

Tuesday, February 9, 2021

Snort rule update for Feb. 9, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
1002111

Thursday, February 4, 2021

Snort rule update for Feb. 4, 2021

The newest SNORTⓇ rule release is here, courtesy of Cisco Talos.

Thursday's rule set comes with protection against the exploitation of several vulnerabilities Cisco recently disclosed in some of its VPN routers. If exploited, an adversary could gain the ability to execute remote code on the targeted machine. 

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
003718

Tuesday, February 2, 2021

Snort rule update for Feb. 2, 2021

Cisco Talos released the newest rule set for SNORTⓇ Tuesday morning.

There are multiple rules in this release that protect against Generickdz, which is often the generic name given to Windows trojans. Our two new rules will prevent the malware from downloading its final payload.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
70421

Thursday, January 28, 2021

Snort rule update for Jan. 28, 2021

This afternoon, Cisco Talos released the newest rule update for SNORTⓇ.

Thursday's release mainly provides coverage for multiple malware families. We have new and updated coverage for the Karangany malware family, which is known for targeting the energy sector, as well as the Nymaim downloader.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
20294