Thursday, January 17, 2019

Snort blog post for Jan. 17, 2019

Just released:
Snort Subscriber Rule Set Update for Jan. 17, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. This release includes 35 new rules and three modified rules, none of which are shared object rules.

This release provides coverage for several malware families, including a new variant of Bitter remote access tool and the FlawedGrace RAT.

Tuesday, January 15, 2019

Snort rule update for Jan. 15, 2019

Just released:
Snort Subscriber Rule Set Update for Jan. 15, 2019

Cisco Talos released the newest SNORTⓇ rule set today. In this release, we introduced 22 new rules, six of which are shared object rules. There are also 11 modified rules, including two shared object rules.

This release provides coverage for a series of malware families, including WindTail — which has shown the ability to avoid detection by antivirus software, and a variant of MuddyWater that's recently been deployed by the Seedworm group.

Friday, January 11, 2019

Snort OpenAppID Detectors have been updated

An update has been released today for the Snort OpenAppID Detector content. This release, build 308, includes:
  • A total of 2,833 detectors.
  • Additional detectors contributed by the open source community. The contributions included in this build are credited in the AUTHORS file in the package.
The update is available now from our downloads page. We look forward to you downloading it, using the new features of the OpenAppID preprocessor in 2.9.12.0, and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

Thursday, January 10, 2019

Snort rule update for Jan. 10, 2019

Just released:
Snort Subscriber Rule Set Update for Jan. 10, 2019

Cisco Talos released the newest SNORTⓇ rule set today. In this release, we introduced 19 new rules, none of which are shared object rules. There are also 56 modified rules.

This release continues to provide coverage for a slew of bugs that Adobe reported in Acrobat and Reader earlier this month. It also includes new protection against the UPPERCUT backdoor, most recently seen in the wild being used by APT10.

Wednesday, January 9, 2019

Snort 2.9.11.0 end-of-life reminder

This is a reminder that SNORTⓇ version 2.9.11.0 will be shut down tomorrow, Jan. 10.

We first notified users that this version of Snort was reaching its end of life in October as the number of users began to wane. We encouraged everyone to update to the latest version of Snort to avoid any service interruptions.

We are working on revising Snort’s end-of-life policy for other versions going forward. We will begin to shut down versions of Snort that make up 10 percent or less of our downloads, or that have been superseded by a newer version for five years, whichever comes first. We will release more details about this in the future.

Snort.org and the Documentation Saga: A Survey

Cisco users with Firepower Threat Defense (FTD) on an Adaptive Security Appliance (ASA) are running SNORTⓇ, our open-source intrusion protection system, under the hood, along with a suite of other Talos-fueled security processes. Snort monitors traffic by sniffing packets and comparing their contents against tens of thousands of rules written to find all kinds of malware and other malicious activity. Our analysts are constantly creating new rules to cover vulnerabilities in a wide range of products. The highly active open-source community around Snort adds rules for general and niche network configurations, as well.

Tuesday, January 8, 2019

Snort rule update for Jan. 8, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Jan. 8, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 50 new rules, none of which are shared object rules. There are also eight modified rules, including two that are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 49 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.