Tuesday, June 24, 2014

Snort Subscriber Rule Set Update for 06/24/2014

Just released:
Snort Subscriber Rule Set Update for 06/24/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 35 new rules and made modifications to 11 additional rules.

There was one change made to the snort.conf in this release:

Port 2980 was added to HTTP_PORTS, http_inspect ports, and stream5 "ports both"


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-multimedia, file-office, file-other, malware-cnc, malware-other, os-mobile, pua-adware, pua-toolbars and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, June 19, 2014

Sourcefire VRT Certified Snort Rules Update for 06/19/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/19/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 45 new rules and made modifications to 8 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

James Lay:
31293

Avery Tarasov:
31294
31295
31262


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-ie, exploit-kit, file-flash, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, June 17, 2014

Sourcefire VRT Certified Snort Rules Update for 06/17/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/17/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 23 new rules and made modifications to 29 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov:
31243
31244
31260
31261


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, file-flash, file-identify, file-multimedia, file-other, file-pdf, malware-backdoor and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, June 12, 2014

Sourcefire VRT Certified Snort Rules Update for 06/12/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/12/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 19 new rules and made modifications to 10 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov
31221
31222


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, malware-cnc, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, June 10, 2014

Sourcefire VRT Certified Snort Rules Update for 06/10/2014, MSTUES

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/10/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 39 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Synopsis: The Sourcefire VRT is aware of vulnerabilities affecting products from
Microsoft Corporation.

Details:
Microsoft Security Bulletin MS14-032:
A coding deficiency in Microsoft Lync Server could lead to remote code
execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 31217.

Microsoft Security Bulletin MS14-035:
Microsoft Internet Explorer contains programming errors that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 31188 through 31191,
31194, 31196 through 31209, 31215 through 31216, and 31219 through
31220.


The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-ie, indicator-compromise, malware-cnc,
malware-other, os-windows and server-webapp rule sets to provide
coverage for emerging threats from these technologies.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Thursday, June 5, 2014

Sourcefire VRT Certified Snort Rules Update for 06/05/2014 -- GnuTLS

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/05/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 6 new rules and made modifications to 0 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Synopsis: 
The Sourcefire VRT is aware of vulnerabilities affecting GnuTLS and OpenSSL. 
Details: 
GnuTLS Heap Overflow CVE-2014-3466: A programming error in GnuTLS exists that may lead to remote code execution. Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, 31176 through 31179. 
OpenSSL DTLS Recursion Flaw CVE-2014-0221: A coding deficiency in OpenSSL exists that may lead to a Denial of Service (DoS) attack. Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, 31180 through 31181.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Sourcefire VRT Certified Snort Rules Update for 06/05/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/05/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 29 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Tuesday, June 3, 2014

Sourcefire VRT Certified Snort Rules Update for 06/03/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 06/03/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 52 new rules and made modifications to 26 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Avery Tarasov
31112
31113

Andre Dimino
31136

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, exploit, exploit-kit, file-identify, file-office, file-other, file-pdf, malware-backdoor, malware-cnc, malware-other, protocol-ftp, protocol-snmp, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!