Thursday, September 27, 2012

Sourcefire VRT Certified Snort Rules Update for 09/27/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 09/27/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 12 new rules and made modifications to 2 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Avery Tarasov for his work on sid: 24255
The VRT would like to thank James Lay for his work on sids: 24253, 24254

In VRT's rule release:
Synopsis: This release adds and modifies rules in several categories. 
Details: The Sourcefire VRT has added and modified multiple rules in the browser-ie, indicator-compromise, malware-cnc and web-php rule sets to provide coverage for emerging threats from these technologies.

To subscribe to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the most emerging threats!

Tuesday, September 25, 2012

Sourcefire VRT Certified Snort Rules Update for 09/25/2012

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/25/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 20 new rules and made modifications to 22 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the
browser-firefox, browser-ie, exploit-kit, file-flash, file-office,
file-other, malware-cnc, malware-other, misc, voip and web-misc rule
sets to provide coverage for emerging threats from these technologies.



Barnyard2 - v2-1.10 has been released

It's my great pleasure to finally announce the next stable release of barnyard2 v2-1.10 build(310).

After almost 20 months of development and continuous testing from the community we are happy to get this one out to the masses (without the beta tag).

This development cycle has seen a lot of changes, refinements and fixes. This will be the last version built around the old database schema.

The next release of barnyard2 will come with new database output that only supports the new schema, native IPv6 support and FULL unified2 support for all output plugins.

I could go on about the changes, but the wait has been long enough. Here's a summary of the more notable changes:
 * Additions
 - spo_database. Support of encrypted connections to postgresql is now available. See README.database for the appropriate options.
 - spo_sguil. Fixed issue with duplication of alerts.
 - Completely re-written database plugin for performance optimisation against the original DB schema.
   NOTE: If you intend to run this new version, we highly recommend that you clean two database tables for better performance: reference and sig_reference. Not doing so will not break anything but could slow the startup caching process.
 - New Bro output plugin (thanks to Seth Hall)
 - A new syslog plugin (syslog_full) that supports local and remote TCP and UDP syslog.
 * Improvements
 - Improved support against the latest Unified 2 format. Extended headers are read, however no plugins use the information currently.
 - Improved core IPv6 support.
 - Compile under cygwin
 - And many, many bugfixes.

 You can download the source in a number of ways:
 - https://github.com/firnsy/barnyard2/tags (as a zip/tarball)
 - git://github.com/firnsy/barnyard2.git (via a git clone)

 I would like to pay a special thanks to Eric Lauzon (the newest member of the core development team) and the many people who have helped along the road: Russell Fulton, Tim Shelton, JJ Cummings, Michael Steele, Brett Edgar, Bill Parker, Miguel Alvarez, Martin Holste, Jason Haar and any others who I may have missed.

Regards,

firnsy

Friday, September 21, 2012

Sourcefire VRT Certified Snort Rules Update for 09/21/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 09/21/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 17 new rules and made modifications to 9 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank James Lay for his contributions on rule: 24224
The VRT would like to thank Eoin Miller for his contributions on rules: 24227 24228

In VRT's rule release:
Synopsis: This release adds and modifies rules in several categories. 
Details: The Sourcefire VRT has added and modified multiple rules in the browser-ie, exploit, exploit-kit, file-identify, file-multimedia, file-other, malware-cnc and web-misc rule sets to provide coverage for emerging threats from these technologies.


Tuesday, September 18, 2012

Sourcefire VRT Certified Snort Rules Update for 09/18/2012, IE 0day

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/18/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 3 new rules and made modifications to 17 additional rules.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
browser-ie, exploit-kit, file-identify and malware-cnc rule sets to
provide coverage for emerging threats from these technologies.




Monday, September 17, 2012

Sourcefire VRT Certified Snort Rules Update for 09/17/2012, IE 0day

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/17/2012


We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 39 new rules and made modifications to 21 additional rules.


There were no changes made to the snort.conf in this release.


In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-firefox, browser-ie, file-identify, file-image,
file-office, file-other, malware-backdoor, malware-cnc, sql,
web-activex and web-php rule sets to provide coverage for emerging
threats from these technologies.




Thursday, September 13, 2012

Sourcefire VRT Certified Snort Rules Update for 09/13/2012

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/13/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 34 new rules and made modifications to 13 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions:
James Lay:
24171
Eoin Miller:
23058

In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, exploit-kit, file-flash, file-identify, file-other,
file-pdf, indicator-obfuscation, malware-cnc, malware-other and
web-misc rule sets to provide coverage for emerging threats from these
technologies.


Tuesday, September 11, 2012

Sourcefire VRT Certified Snort Rules Update for 09/11/2012

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/11/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 26 new rules and made modifications to 331 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Christopher Granger for his work on rule 24127.

In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-ie, exploit-kit, file-identify, file-image,
file-multimedia, file-office, file-other, file-pdf,
indicator-compromise, indicator-obfuscation, malware-backdoor,
malware-cnc, malware-other, misc, mysql, policy-other, policy-social,
scada, shellcode, specific-threats, web-activex, web-client and web-php
rule sets to provide coverage for emerging threats from these
technologies.


Thursday, September 6, 2012

Sourcefire VRT Certified Snort Rules Update for 09/06/2012, Rule Re-categorization

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/06/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 28 new rules and made modifications to 1028 additional rules.

Be sure you have the following in your snort.conf to get all the new rules:

include $RULE_PATH/app-detect.rules
include $RULE_PATH/browser-chrome.rules
include $RULE_PATH/browser-firefox.rules
include $RULE_PATH/browser-ie.rules
include $RULE_PATH/browser-other.rules
include $RULE_PATH/browser-webkit.rules
include $RULE_PATH/exploit-kit.rules
include $RULE_PATH/file-executable.rules
include $RULE_PATH/file-flash.rules
include $RULE_PATH/file-image.rules
include $RULE_PATH/file-multimedia.rules
include $RULE_PATH/malware-backdoor.rules
include $RULE_PATH/malware-cnc.rules
include $RULE_PATH/malware-other.rules
include $RULE_PATH/malware-tools.rules
include $RULE_PATH/policy-multimedia.rules
include $RULE_PATH/file-office.rules
include $RULE_PATH/file-other.rules
include $RULE_PATH/file-pdf.rules
include $RULE_PATH/indicator-compromise.rules
include $RULE_PATH/indicator-obfuscation.rules
include $RULE_PATH/policy-other.rules
include $RULE_PATH/policy-social.rules
include $RULE_PATH/pua-p2p.rules
include $RULE_PATH/pua-toolbars.rules
include $RULE_PATH/server-mail.rules
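
One way to confirm a sensor's snort.conf actually carries these lines, as an added example that is not part of the original post or of Snort itself: the script lists rule files from the post that have no active include and flags any rule file included more than once. The function names, the embedded sample config and the /etc/snort/snort.conf path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a snort.conf against the
# include list above. Assumes rule files are referenced as $RULE_PATH/<name>.rules.

# Rule files named in the post's include list (each listed once).
REQUIRED_RULES="app-detect browser-chrome browser-firefox browser-ie browser-other
browser-webkit exploit-kit file-executable file-flash file-image file-multimedia
malware-backdoor malware-cnc malware-other malware-tools policy-multimedia
file-office file-other file-pdf indicator-compromise indicator-obfuscation
policy-other policy-social pua-p2p pua-toolbars server-mail"

# Print the name of every active (not commented out) $RULE_PATH include.
active_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\$RULE_PATH\/\([A-Za-z0-9_-]*\)\.rules.*$/\1/p' "$1"
}

# Print each required rule file that has no active include line.
missing_includes() {
    active=$(active_includes "$1")
    for name in $REQUIRED_RULES; do
        printf '%s\n' "$active" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Print each rule file that is included more than once.
duplicate_includes() {
    active_includes "$1" | sort | uniq -d
}

# Write a constructed sample snort.conf (not a real configuration) to path $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/app-detect.rules
# include $RULE_PATH/browser-ie.rules
include $RULE_PATH/policy-multimedia.rules
include $RULE_PATH/policy-multimedia.rules
EOF
}

# Usage (example path): sh check_includes.sh /etc/snort/snort.conf
if [ -n "${1:-}" ]; then
    echo "Missing includes:";   missing_includes "$1"
    echo "Duplicate includes:"; duplicate_includes "$1"
fi
```

A commented-out include counts as missing, which is the case that silently drops a whole category of detection after a re-categorization.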


There were no changes made to the snort.conf in this release.

The VRT would like to thank James Lay for his contribution of the following rule:
24102

In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
app-detect, blacklist, browser-firefox, exploit-kit, file-executable,
file-identify, file-image, file-multimedia, file-office, file-other,
file-pdf, indicator-compromise, malware-backdoor, malware-cnc,
malware-other, malware-tools, mysql, netbios, oracle, policy-other,
specific-threats, spyware-put, telnet, web-activex, web-client and
web-php rule sets to provide coverage for emerging threats from these
technologies.




Tuesday, September 4, 2012

Sourcefire VRT Certified Snort Rules Update for 09/04/2012, Rule Recategorization

Just released:
Sourcefire VRT Certified Snort Rules Update for 09/04/2012


We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 21 new rules and made modifications to 2482 additional rules.

As you can see, thousands of rules have been moved. Please read this post to stay current, and make sure you add the new files for the best detection.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-chrome, browser-firefox, browser-ie, browser-other,
browser-webkit, exploit, exploit-kit, file-executable, file-flash,
file-identify, file-image, file-multimedia, file-office, file-other,
file-pdf, indicator-compromise, indicator-obfuscation,
malware-backdoor, malware-cnc, malware-other, malware-tools, mysql,
netbios, policy-other, spyware-put, voip, web-activex, web-client,
web-iis and web-php rule sets to provide coverage for emerging threats
from these technologies.


