Thursday, July 18, 2019

Snort 2.9.14.0 is here

Please join us as we welcome SNORT® 2.9.14.0 to the family.

The release notes for the newest version are below:

New Additions
  • Added support for wildcard port numbers in the host cache and for overwriting the port service AppId.
  • Added new client patterns to prompt client validation.
  • Added SMTP Microsoft Outlook client for Mac.
  • Added a new preprocessor alert, 120:27, that fires when there is no proper end-of-header.
Improvements
  • Improved AppId detection for proxied traffic.
  • Fix to ensure Snort is ready to process packets before the DAQ starts.
  • Fix for enabling flow profiling mode without restarting the Snort detection engine.

Feedback and discussion are always welcome on the Snort-Users mailing list.

Downloads of Snort 2.9.14.0 are available here.

Snort rule update for July 18, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 21 new rules — 10 of which are shared object rules, as well as five modified rules.

Thursday's release provides protection against a critical vulnerability in Cisco Vision Dynamic Signage Director, as well as a remote code execution bug in a popular plugin for WordPress.

Tuesday, July 16, 2019

Snort rule update for July 16, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules — four of which are shared object rules, as well as five modified rules.

Tuesday's release fixes a high-profile vulnerability in the Zoom web meeting software and also provides new coverage for several different malware families.

Thursday, July 11, 2019

Snort rule update for July 11, 2019

Just released:
Snort Subscriber Rule Set Update for July 11, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 28 new rules and four modified rules, none of which are shared object rules.

This release provides new coverage for CVE-2017-11882, CVE-2018-0802 and CVE-2018-0798. These vulnerabilities in Microsoft Equation Editor — which Microsoft has already patched — are being exploited by a threat actor to deliver malware and send malicious RTF documents to users. Based on this new intelligence, this latest update includes new coverage for these bugs: SIDs 50684, 50685 and 50689-50695.

There were no changes made to the snort.conf in this release.

Tuesday, July 9, 2019

Snort rule update for July 9, 2019 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos was just released. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 77 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

Tuesday, July 2, 2019

Snort rule update for July 2, 2019

Just released:
Snort Subscriber Rule Set Update for July 2, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 102 new rules and 10 modified rules, none of which are shared object rules.

This release provides new coverage for the Scranos malware, a data-stealing attack that its creators recently revitalized. The series of new rules prevents Scranos from making an outbound connection and also blocks it from downloading its final payload.

There were no changes made to the snort.conf in this release.

Thursday, June 27, 2019

Snort rule update for June 27, 2019

Just released:
Snort Subscriber Rule Set Update for June 27, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 10 new rules, five of which are shared object rules. There are also six modified rules, one of which is a shared object rule.

In this release, we have new protection from critical vulnerabilities Cisco recently disclosed in Data Center Network (DNA) Management. There is also protection from any attacks attempting to exploit a critical flaw in Mozilla Firefox that attackers have actively used in the wild.

There were no changes made to the snort.conf in this release.

Tuesday, June 25, 2019

Snort rule update for June 25, 2019

Just released:
Snort Subscriber Rule Set Update for June 25, 2019

Cisco Talos released the latest SNORT® rule set this morning. This release includes five new rules, two shared object rules and two modified rules.

This release provides protection from a recent Netwire variant spotted in the wild. Attackers have been delivering the malware through a zero-day vulnerability in the Mozilla Firefox web browser. Rules 50498 and 50500 prevent Netwire from downloading its final payload.

There were no changes made to the snort.conf in this release.

Thursday, June 20, 2019

Snort rule update for June 19, 2019

Just released:
Snort Subscriber Rule Set Update for June 19, 2019

Cisco Talos released the latest SNORT® rule set overnight. This release includes 24 new rules, 10 of which are shared object rules. There are also four modified rules, two of which are shared object rules.

This release provides coverage for several vulnerabilities Cisco recently disclosed in its Prime Service Catalog and some RV routers. Several different models of RV routers contain bugs in their web-based interface that could allow malicious actors to carry out denial-of-service attacks.

There were no changes made to the snort.conf in this release.

Tuesday, June 18, 2019

Snort rule update for June 18, 2019

Just released:
Snort Subscriber Rule Set Update for June 18, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 12 new rules and 10 modified rules, none of which are shared object rules.

This release provides protection against the new HiddenWasp malware, which has been spotted in the wild targeting Linux systems. This attack shares similarities with other, previous Linux malware. Researchers believe some of the code may even have been copied and pasted from other actors' tooling.

There were no changes made to the snort.conf in this release.