Thursday, September 20, 2018

Snort rule update for Sept. 20, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 20, 2018

Tonight, Cisco Talos has released the latest SNORTⓇ rule update. In this release, we introduced 20 new rules, two of which are shared object rules. There are also four modified rules, none of which are shared object rules.

This release protects against a variety of malware, including the newly discovered Xbash malware, which combines the features of a cryptocurrency miner and ransomware. We also have coverage for three vulnerabilities in Cisco's Webex software that could allow an attacker to execute arbitrary code on a victim machine.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-other, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

Wednesday, September 19, 2018

Snort rule update for Sept. 19, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 19, 2018

We welcome the introduction of the newest rule release from Talos. In this release, we introduced eight new rules, none of which are shared object rules. There are also seven modified rules.

This rule release primarily covers vulnerabilities that were recently disclosed in Adobe Acrobat and Reader. The two products contain a series of critical and important bugs that could allow an attacker to execute code on the victim machine with the same rights as the current user.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

Tuesday, September 18, 2018

Snort rule update for Sept. 18, 2018


Just released:
Snort Subscriber Rule Set Update for Sept. 18, 2018

The newest Snort rule update rule release was released this morning by Cisco Talos. In this release, we introduced 37 new rules, three of which are shared object rules. There are also 2,155 modified rules, none of which are shared object rules.

This release provides coverage for multiple bugs in Adobe ColdFusion and Flash Player, as well as the malware families njrat and DownloadGuide.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, netbios, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-tftp, protocol-voip, pua-adware, pua-toolbars, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

Thursday, September 13, 2018

Snort rule update for Sept. 13, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 13, 2018

Today, we welcome the newest rule release from Talos. In this release, we introduced 48 new rules, of six which are shared object rules. There are also 501 modified rules, none of which are shared object rules.

This update provides coverage for CVE-2018-8475, a coding deficiency in Microsoft Windows that could allow an attacker to execute code on the victim machine.

There are also rules addressing multiple vulnerabilities in Adobe Flash Player and Adobe ColdFusion, including two critical bugs.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos also has added and modified multiple rules in the app-detect, browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, deleted, file-flash, file-image, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

Tuesday, September 11, 2018

Snort rule update for Sept. 11, 2018 — Microsoft Patch Tuesday

Just released:
SNORTⓇ Subscriber Rule Set Update for Sept. 11, 2018

Today, we welcome the introduction of the newest rule release from Talos. In this release, we introduced 46 new rules, 20 of which are shared object rules. There are also eight modified rules, of which four are shared object rules.

This release covers Microsoft Patch Tuesday. The monthly security update from Microsoft disclosed dozens of vulnerabilities across multiple products, including the Internet Explorer and Edge web browsers, as well as the Chakra scripting engine. If you would like to know more about these vulnerabilities, check out Talos' full blog post on Patch Tuesday here.

Our rule update also adds new protections against the MysteryBot malware, a family that's been spotted on Android platforms.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser: 47723

Talos's rule release: Talos is aware of vulnerabilities affecting products from Microsoft Corporation.
Microsoft Vulnerability CVE-2018-8367: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47734 through 47735.

Microsoft Vulnerability CVE-2018-8391: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47736 through 47737.

Microsoft Vulnerability CVE-2018-8410: A coding deficiency exists in Microsoft Windows Registry that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47745 through 47746.

Microsoft Vulnerability CVE-2018-8420: A coding deficiency exists in MS XML that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47747 through 47748.

Microsoft Vulnerability CVE-2018-8440: A coding deficiency exists in Microsoft Windows ALPC that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 47702 through 47703.

Microsoft Vulnerability CVE-2018-8442: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47717 through 47718.

Microsoft Vulnerability CVE-2018-8447: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47730 through 47731.

Microsoft Vulnerability CVE-2018-8449: A coding deficiency exists in Microsoft Device Guard that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47740 through 47741.

Microsoft Vulnerability CVE-2018-8456: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2018-8459: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47732 through 47733.

Microsoft Vulnerability CVE-2018-8461: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47738 through 47739.

Microsoft Vulnerability CVE-2018-8464: A coding deficiency exists in Microsoft Edge PDF that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 42311 through 42312.

Microsoft Vulnerability CVE-2018-8466: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8467: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47742 through 47743.

Microsoft Vulnerability CVE-2018-8470: A coding deficiency exists in Microsoft Internet Explorer that may lead to a security feature bypass.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 47761.

Talos also has added and modified multiple rules in the browser-ie, file-office, file-other, file-pdf, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

Thursday, September 6, 2018

Snort rule update for Sept. 6, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 6, 2018

Today, Cisco Talos released the newest rule set for SNORTⓇ rule release from Talos. In this release, we introduced 21 new rules, of which 11 are Shared Object rules. There is also one modified rule.

In this release, there is plenty of coverage for a slew of vulnerabilities that Cisco revealed this week, including flaws in Cisco Umbrella's API and the RV series of wireless routers.

There were no changes made to the snort.conf in this release.

Talos's rule release:
  • New SO rules: 11 
  • New Rules: 10 
  • Modified Rules: 1
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.

Tuesday, September 4, 2018

Snort rule update for Sept. 4, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 4, 2018.

We welcome the introduction of the newest rule release from Talos. In this release, we introduced 11 new rules, of which one is a Shared Object rule. There are also 32 modified rules.

We continue to provide coverage for a slew of Adobe vulnerabilities that were disclosed in mid-August. There are also several rules that cover critical flaws in Apache Struts 2, many of which impact Cisco products.

There were no changes made to the snort.conf in this release.

Talos's rule release:

  • New SO rules: 1  

  •  Modified SO rules: 0 

  • New Rules: 10 

  • Modified Rules: 32
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats.