Tuesday, May 31, 2016

Snort Subscriber Rule Set Update for 05/31/2016

Just released:
Snort Subscriber Rule Set Update for 05/31/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 40 new rules and made modifications to 13 additional rules.

There were no changes made to the snort.conf in this release.

We'd like to thank our community rule submitter for this release:

Yaser Mansour
39080

Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-image, file-office, file-pdf, malware-cnc, malware-other, os-windows, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Friday, May 27, 2016

Snort++ Update

Pushed build 198 to github (snortadmin/snort3):

  • add double-decoding to new_http_inspect
  • add obfuscation support for cmg and unified2
  • cleanup compiler warnings and memory leaks
  • fixup cmake builds
  • update file processing configuration
  • prevent profiler double counting on recursion
  • additional unit tests for high availability
  • fix multi-DAQ instance configuration

Thursday, May 26, 2016

Snort Subscriber Rule Set Update for 05/26/2016

Just released:
Snort Subscriber Rule Set Update for 05/26/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules and made modifications to 3 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
39064


Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-plugins, file-other, file-pdf, malware-backdoor, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Wednesday, May 25, 2016

2016 Snort Scholarship Winners!

Columbia, MD – May 25, 2016 – Snort® today announced that it has selected Max Harley and Scott Hight as the recipients of the 2016 Snort Scholarship. The scholarships, each worth $5,000, are awarded to university students around the world who use Snort to further their education and gain hands-on experience in network security.

To qualify, applicants must be enrolled in a university that uses Snort to protect its network or uses Snort as part of the curriculum in the classroom. The scholarships assist the winning students in completing their degrees and covering educational costs. Snort selected Max and Scott from a pool of Snort Scholarship applicants.

Max Harley is pursuing a Bachelor of Science in Computer Science at the College of Charleston and will be continuing his studies at Clemson University this upcoming fall.

Scott Hight is pursuing a Master of Science in Cyber Security at Liberty University.

To assist the winning students in completing their degrees, Sourcefire has awarded each a $5,000 scholarship for educational costs at the students' respective universities.

Sourcefire, now a part of Cisco, developed the Snort Scholarship in 2004 as a way to give back to the open source and security communities. Since the inception of the Snort Scholarship program seven years ago, Sourcefire has recognized university students from around the world, including the United States, Australia, Turkey, Mexico, the Netherlands and Rwanda.

Snort is the world’s most widely deployed intrusion detection and prevention technology with more than 400,000 registered users and over 5 million downloads to date.

Congratulations to our winners!

Tuesday, May 24, 2016

Snort Subscriber Rule Set Update for 05/24/2016

Just released:
Snort Subscriber Rule Set Update for 05/24/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 88 new rules and made modifications to 15 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

James Lay
38993


Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc, malware-tools, server-other and sql rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Thursday, May 19, 2016

Snort Subscriber Rule Set Update for 05/19/2016

Just released:
Snort Subscriber Rule Set Update for 05/19/2016

We welcome the introduction of the newest rule release from Talos. In this release we introduced 17 new rules and made modifications to 6 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
38950
38951
38952
38953

Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-flash, file-other, file-pdf, malware-cnc, malware-other, policy-other, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Tuesday, May 17, 2016

Snort Subscriber Rule Set Update for 05/17/2016

Just released:
Snort Subscriber Rule Set Update for 05/17/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 85 new rules and made modifications to 23 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
38886
38887
38888
38890
38891

Talos's rule release:
Talos has added and modified multiple rules in the browser-plugins, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Wednesday, May 11, 2016

Snort Subscriber Rule Set Update for 05/11/2016

Just released:
Snort Subscriber Rule Set Update for 05/11/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules and made modifications to 2 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-flash, file-identify, file-image, file-other, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Tuesday, May 10, 2016

Snort Subscriber Rule Set Update for 05/10/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 05/10/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 90 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Security Bulletin MS16-051:
Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38763 through 38764, 38780 through 38781, 38828 through 38829, and 38841 through 38842.

Microsoft Security Bulletin MS16-052:
A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38776 through 38777 and 38805 through 38806.

Microsoft Security Bulletin MS16-053:
A coding deficiency exists in Microsoft JScript and VBScript that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38828 through 38829.

Microsoft Security Bulletin MS16-054:
A coding deficiency exists in Microsoft Office that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38782 through 38783 and 38785 through 38786.

Microsoft Security Bulletin MS16-055:
A coding deficiency exists in Microsoft Graphics Component that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38768 through 38773, 38797 through 38798, and 38816 through 38817.

Microsoft Security Bulletin MS16-056:
A coding deficiency exists in Microsoft Windows Journal that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38810 through 38815.

Microsoft Security Bulletin MS16-059:
A coding deficiency exists in Microsoft Windows Media Center that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38778 through 38779.

Microsoft Security Bulletin MS16-060:
A coding deficiency exists in the Microsoft Kernel that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38803 through 38804.

Microsoft Security Bulletin MS16-061:
A coding deficiency exists in Microsoft RPC that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38839 through 38840.

Microsoft Security Bulletin MS16-062:
A coding deficiency exists in Microsoft Kernel-Mode drivers that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38759 through 38762, 38765 through 38766, 38774 through 38775, 38787 through 38788, 38801 through 38802, and 38808 through 38809.

Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Thursday, May 5, 2016

Snort Subscriber Rule Set Update for 05/05/2016

Just released:
Snort Subscriber Rule Set Update for 05/05/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 82 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-image, file-multimedia, file-other, indicator-obfuscation, malware-backdoor, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Tuesday, May 3, 2016

Snort++ Build 197 Available Now

Snort++ build 197 is now available on snort.org. This is the latest monthly update available for download. You can also get the latest updates from github (snortadmin/snort3), which is updated weekly.

Bug Fixes:

  • cmake and pkgconfig fixes
  • fixed clang, gcc, and icc build warnings
  • fix FreeBSD build
  • fix building against LuaJIT using only pkg-config
  • fix rule compilation for sticky buffers
  • miscellaneous warning and lint cleanup
  • update extras to better serve as examples
  • cleanup use of protocol numbers and identifiers
  • fixed so rule input / output
  • fixed protocol numbering issues
  • fixed 129:18
  • fix session parsing abort handling
  • perf_monitor config and format fixes
  • new_http_inspect unicode initialization bug fix
  • legacy search engine cleanup
  • fix process stats output
  • update extra version to alpha 4 - thanks to Henry Luciano <cuncator@mote.org> for reporting the issue
  • fix unit tests
  • fixed memory leaks
  • fixed static analysis issues

Enhancements:
  • use hwloc for CPU affinity
  • cmake - check all dependencies before fatal error
  • add configure --enable-address-sanitizer
  • add configure --enable-code-coverage
  • remove legacy/unused obfuscation api
  • stream_tcp refactoring; starting on updates
  • add dce rule options iface, opnum, smb, stub_data, tcp
  • add dce option for byte_extract/jump/test
  • initial side channel and file connector for high availability
  • initial high availability for UDP
  • new_http_inspect %u encoding and utf 8 bare byte
  • add UTF-8 normalization for new_http_inspect
  • unicode map file for new_http_inspect
  • host_cache and host_tracker config and stats updates
  • snort2Lua updates for preproc sensitive_data and sd_pattern option
  • dce2 port continued - add dce packet fragmentation
  • dce segmentation changes
  • dce smb header checks port - non segmented packets
  • memory manager updates
  • added iterative pruning for out of memory condition
  • added preemptive pruning to memory manager
  • added thread timing stats to perf_monitor
  • perf_monitor refactoring
  • added file capture stats
  • added packet_capture module
  • DAQ interface refactoring
  • updated catch headers to v1.4.0

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team

Monday, May 2, 2016

Snort Subscriber Rule Set Update for 05/02/2016

Just released:
Snort Subscriber Rule Set Update for 05/02/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 7 new rules and made modifications to 17 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
CVE-2016-3081:
A coding deficiency exists in Apache Struts that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 21072, 21656, and 23631.

Talos has added and modified multiple rules in the blacklist, browser-ie, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!