Tuesday, January 25, 2022

Snort rule update for Jan. 25, 2022 — And an update to our supported operating systems

The newest SNORTⓇ rule update from Cisco Talos is now available.

This release includes several rules to protect against malicious PHP command shells in Ajax that are sometimes used in cyber attacks. 

Here's a full breakdown of the rest of Tuesday's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
0140

Thursday, January 13, 2022

Snort rule update for Jan. 13, 2022

The newest SNORTⓇ rule update from Cisco Talos is now available.

Thursday morning's rule release includes new protections against the exploitation of a Log4Shell-like vulnerability recently discovered in the popular H2 Java SQL database. Although the paths to exploiting this vulnerability are similar to the recent Log4j issue, the scope of execution is less broad.

Here's a full breakdown of the rest of today's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
022

Wednesday, January 12, 2022

Snort 3.1.20.0 available for download now

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

Snort 3.1.20.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Here's a rundown of all the changes and new features in this latest version of Snort 3.

Snort rule update for Jan. 11, 2022 — Microsoft Patch Tuesday

Cisco Talos released a new SNORT® ruleset Tuesday evening, providing coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, view all of them on Microsoft's security update page. You can also read our breakdown of the most notable vulnerabilities on the Talos blog.

Here's a breakdown of Tuesday's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
00229

Tuesday, December 14, 2021

Snort rule update for Dec. 14, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, view all of them on Microsoft's security update page. Since our researchers are heads-down working on the Log4j vulnerability, we were not able to release a full Patch Tuesday blog post this month on the Talos site.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
00397

Wednesday, December 8, 2021

The newest version of Snort 3 is available now — Here are the latest updates and features

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

Snort 3.1.18.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

We are also excited to release a new installation guide for Snort 3 for Ubuntu 18 and 20. This guide teaches users how to install Snort 2.1.17.0 on the aforementioned operating systems. A huge thanks to Noah Dietrich for his work on these guides, as always.

Here's a rundown of all the changes and new features in this latest version of Snort 3.

Tuesday, December 7, 2021

Snort rule update for Dec. 7, 2021

The newest SNORTⓇ rule update from Cisco Talos is now available.

Tuesday's rule update includes multiple rules to protect against vulnerabilities that are being exploited in the wild. One such vulnerability is CVE-2021-44515 in the Zoho patch management software. If exploited, it could allow attackers to bypass authentication and execute arbitrary code. Snort rule 58696 detects if attackers try to upload a file as part of exploiting this vulnerability.

Here's a full breakdown of today's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
017353

Monday, December 6, 2021

Open-source version of Snort 2.9.19.0 available now

SNORTⓇ released its newest open-source version, 2.9.19.0, this morning.

You can download this version on Snort.org. As you may remember, version 2.9.18.0 reached its end-of-life last week, so anyone using that version should update immediately. 

Tuesday, November 30, 2021

Snort rule update for Nov. 30, 2021

The newest SNORTⓇ rule update from Cisco Talos is now available.

Tuesday morning's release includes a new rule to protect against the high-profile DarkSide ransomware. The group, also known as DarkMatter, targeted several high-profile companies across the globe this year, including two companies in the U.S. food and agriculture sector. 

This new rule detects when the ransomware attempts to make an outbound connection.

Here's a full breakdown of the rest of today's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
10 0195

Snort OpenAppID Detectors have been updated

SNORTⓇ released a new update today for its OpenAppID Detector content.

This release — build 349 — includes:
  • 3,123 detectors.
  • Additional detectors from the open-source community. For more details on which contributions were included, we have added them to the "Authors" file in this package.

The release is available now on our Downloads page. We look forward to users downloading and using the new features. If you have any feedback, please share it with the OpenAppID mailing list.

The OpenAppID package is also compatible with our most recent Snort 3 releases.

For more information regarding the applications that are included in the open-source version of OpenAppID, feel free to visit our new application portal at appid.cisco.com.