Tuesday, May 4, 2021

Snort rule update for May 4, 2021

Cisco Talos released the newest rule release for SNORT® Tuesday.

This release includes multiple rules to protect against vulnerabilities in the Micro Focus Operations Bridge and the KLog Server. 

Here's a breakdown of Tuesday's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
1022029

Monday, May 3, 2021

New Snort 3 release available — Here are all the updates and fixes

The SNORT® team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

Snort 3.1.4.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible, and to upgrade to Snort 3 if they have not already done so.

Thursday, April 29, 2021

Snort rule update for April 29, 2021

Cisco Talos just released the latest SNORT® rule update.

Thursday's release includes protection against the exploitation of a recently disclosed vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. An adversary could exploit this vulnerability to cause a denial-of-service condition on a client's VPN connection if they're using an affected version of the Cisco Secure Client. 

Here's a breakdown of this rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
3 | 0 | 6 | 3

Tuesday, April 27, 2021

Snort rule update for April 27, 2021

Cisco Talos released the latest SNORT® rule update Tuesday morning.

Today's release includes several new rules to protect against attacks from the LemonDuck threat group. Talos first discovered LemonDuck spreading cryptocurrency miners, but it has now shifted to targeting vulnerable Microsoft Exchange Servers to deploy ransomware.

Here's a breakdown of Tuesday's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
60612

Friday, April 23, 2021

Recording: Snort 3 and me — an introduction and overview

 
Our first entry in the "Snort 3 and me" webinar series is the perfect place to start if you've never worked with Snort 3 before.

If you missed our presentation from earlier this week, we've uploaded the full version to the Cisco Talos YouTube channel. You can also check it out above.

Stay tuned for more information on the next entry in our webinar series.

Thursday, April 22, 2021

2.9.8.3 Shared Object end-of-life

Attention users of SNORT® version 2.9.8.3: This serves as your official end-of-life notification. However, this EOL notification is a bit unique.

We will be moving shared object rules for Snort version 2.9.8.3 to "end of life" in 90 days (July 20, 2021). After that, for an indeterminate amount of time, we will support 2.9.8.3 only for plain text rules.

If you are using version 2.9.8.3, you should immediately start making plans to move off of that version altogether.

Please see our other recent announcement on the EOL of 2.9.15.0 and 2.9.16.0.

Tuesday, April 20, 2021

Snort rule update for April 20, 2021

Cisco Talos released the latest SNORT® rule update Tuesday afternoon.

Today's release includes several rules to protect against the exploitation of a recently discovered vulnerability in the VMware View Planner virtual desktop deployment platform. An attacker could use this vulnerability to gain the ability to execute remote code on the victim machine.

There is also one rule preventing the Remcos RAT from making an outbound connection to its command and control server. Remcos has recently been known for being attached to COVID-19-themed spam campaigns.

Here's a breakdown of Tuesday's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
0 | 0 | 9 | 2

Thursday, April 15, 2021

Snort rule update for April 15, 2021

Cisco Talos released the newest rule update for SNORT® this morning.

Thursday's rule release includes several new rules to protect against the Raindrop malware. This threat was recently discovered being deployed by actors exploiting the well-known vulnerabilities in SolarWinds. This supply chain attack targeted many high-profile organizations and government agencies.

Here's a breakdown of today's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
20137

Tuesday, April 13, 2021

Snort rule update for April 13, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
11110

Thursday, April 8, 2021

New "Snort 3 and me" webinar series launches on April 20

Have you upgraded to Snort 3 yet? Want to learn how to transition?

With Snort 3, rules are faster and more efficient, users have more control over their Snort experience, and it runs on multiple environments and operating systems.

To help you make the switch, we're launching a new series of webinars with the help of the Snort product team and our friends across Cisco. 

To kick things off, Alex Tatistcheff, a technical marketing manager for Cisco, will be holding a presentation on Snort 3 on April 20 at 11 a.m. ET. Alex will address specific questions anyone has about Snort 3 and walk you through how to have a successful migration to Snort 3. You can register for this webinar here.

Alex is the author of the book "Essential Firepower: Your best practice guide to configuring Cisco's Next Generation Firewall" and is an expert on all things Snort.