Thursday, August 16, 2018

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content. This release, build 303, includes:
  • A total of 2,828 detectors.
  • Additional detectors contributed by the open source community. The contributions that were included are listed in the AUTHORS file in this package.

The update is available now from our downloads page. We look forward to you downloading and using the new features of 2.9.11.0's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

New Snort Subscriber Rule Set for Aug. 16, 2018

Just released:
Snort Subscriber Rule Set Update for Aug. 16, 2018

The newest rule release from Talos was released this morning. In this release, we introduced 47 new rules, three of which are shared object rules. We also made modifications to five additional rules, none of which are shared object rules.

There are several notable new rules in this release, including coverage for multiple "important" bugs in Adobe Flash Player (rules 47529 - 47535, 45768 and 45769). There are also new protections against the Plead malware family, which is a remotely controlled backdoor (rules 47566 and 47567).

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser: 47556 and 47557

Talos's rule release:

  • New SO rules: 3
  • Modified SO rules: 0
  • New rules: 44
  • Modified rules: 5

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats.

Tuesday, August 14, 2018

Snort Subscriber Rule Set Update for 08/14/2018, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 08/14/2018

We welcome the introduction of the newest rule release from Talos. In this release we introduced 55 new rules, of which 6 are Shared Object rules, and made modifications to 10 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47490 through 47491.

Microsoft Vulnerability CVE-2018-8344:
A coding deficiency exists in Microsoft Graphics that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47519 through 47520.

Microsoft Vulnerability CVE-2018-8345:
A coding deficiency exists in Microsoft LNK that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47476 through 47477.

Microsoft Vulnerability CVE-2018-8353:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45877 through 45878.

Microsoft Vulnerability CVE-2018-8355:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47492 through 47493.

Microsoft Vulnerability CVE-2018-8371:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8372:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47478 through 47479.

Microsoft Vulnerability CVE-2018-8376:
A coding deficiency exists in Microsoft PowerPoint that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47482 through 47483.

Microsoft Vulnerability CVE-2018-8379:
A coding deficiency exists in Microsoft Excel that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47495 through 47496.

Microsoft Vulnerability CVE-2018-8383:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47474 through 47475.

Microsoft Vulnerability CVE-2018-8384:
A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47480 through 47481.

Microsoft Vulnerability CVE-2018-8387:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47486 through 47487.

Microsoft Vulnerability CVE-2018-8389:
A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47484 through 47485.

Microsoft Vulnerability CVE-2018-8401:
A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47517 through 47518.

Microsoft Vulnerability CVE-2018-8403:
A coding deficiency exists in Microsoft Browser that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47488 through 47489.

Microsoft Vulnerability CVE-2018-8404:
A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47503 through 47504.

Microsoft Vulnerability CVE-2018-8405:
A coding deficiency exists in DirectX Graphics Kernel that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47515 through 47516.

Microsoft Vulnerability CVE-2018-8406:
A coding deficiency exists in DirectX Graphics Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47512 through 47513.

Microsoft Vulnerability CVE-2018-8414:
A coding deficiency exists in Microsoft Windows Shell that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46999 through 47002.

Talos also has added and modified multiple rules in the browser-ie, file-executable, file-office, file-other, indicator-compromise, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Thursday, August 9, 2018

Snort Subscriber Rule Set Update for 08/09/2018

Just released:
Snort Subscriber Rule Set Update for 08/09/2018
We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules, of which 0 are Shared Object rules, and made modifications to 11 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-plugins, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Tuesday, August 7, 2018

Snort Subscriber Rule Set Update for 08/07/2018

Just released:
Snort Subscriber Rule Set Update for 08/07/2018
We welcome the introduction of the newest rule release from Talos. In this release we introduced 30 new rules, of which 10 are Shared Object rules, and made modifications to 13 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-other, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Friday, August 3, 2018

Snort Subscriber Rule Set Update for 08/03/2018

Just released:
Snort Subscriber Rule Set Update for 08/03/2018
We welcome the introduction of the newest rule release from Talos. In this release we introduced 1 new rule, which is not a Shared Object rule, and made modifications to 4 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2018-8414: A coding deficiency exists in Microsoft Windows OS that may lead to remote code execution with minimal to no user interaction. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46999 through 47002.

Talos also has added and modified multiple rules in the malware-cnc rule set to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Thursday, August 2, 2018

Snort Subscriber Rule Set Update for 08/02/2018

Just released:
Snort Subscriber Rule Set Update for 08/02/2018
We welcome the introduction of the newest rule release from Talos. In this release we introduced 14 new rules, of which 1 is a Shared Object rule, and made modifications to 2 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-other, malware-cnc, policy-other, protocol-voip, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!