Tuesday, December 11, 2018

Snort rule update for Dec. 11, 2018 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Dec. 11, 2018

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 55 new rules, including 10 that are shared object rules. There are also three modified rules, none of which are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 38 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.

Tuesday, December 4, 2018

Snort rule update for Dec. 4, 2018

Just released:
Snort Subscriber Rule Set Update for Dec. 4, 2018

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced nine new rules, five of which are shared object rules. There are no modified rules in this release.

This release provides coverage for Zebrocy malware, which recently resurfaced in the wild, as well as a variant of the tRat malware that's being spread via malicious emails.

Thursday, November 29, 2018

Snort rule update for Nov. 29, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 29, 2018

Cisco Talos just released the newest SNORTⓇ rule set. In this release, we introduced 10 new rules, six of which are shared object rules. There are also three modified rules.

This release provides coverage for a new trojan from the well-known APT Sofacy, as well as a critical vulnerability in Cisco Prime License Manager.

Tuesday, November 27, 2018

Snort rule update for Nov. 27, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 27, 2018

We welcome the introduction of the newest rule release from Cisco Talos. In this release, we introduced five new rules, none of which are shared object rules. There are no modified rules in this release.

This release provides coverage for the "DNSpionage" campaign that Talos has seen targeting government agencies in the Middle East. You can read more on that campaign here.

Wednesday, November 21, 2018

Snort rule update for Nov. 21, 2018


Just released:
Snort Subscriber Rule Set Update for Nov. 21, 2018

We welcome the introduction of the newest rule release from Cisco Talos. In this release, we introduced four new rules, none of which are shared object rules. There are also two modified rules.


Tuesday, November 20, 2018

Snort rule update for Nov. 20, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 20, 2018

Today, Cisco Talos released the newest SNORTⓇ rule update. In this release, we introduced eight new rules, two of which are shared object rules. There are also 51 modified rules, none of which are shared object rules.

Friday, November 16, 2018

Snort rule update for Nov. 16, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 16, 2018

We welcome the introduction of the newest rule release from Cisco Talos. In this release, we introduced seven new rules, none of which are shared object rules. There are no modified rules.

Thursday, November 15, 2018

Snort rule update for Nov. 15, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 15, 2018

The newest SNORTⓇ rule release is here from Cisco Talos. In this release, we introduced seven new rules, two of which are shared object rules. There are also four modified shared object rules.

Tuesday, November 13, 2018

Snort rule update for Nov. 13 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Nov. 13, 2018

Today, Cisco Talos released the newest SNORTⓇ rule update. In this release, we introduced 45 new rules, six of which are shared object rules. There are also eight modified rules.

This release covers Microsoft Patch Tuesday. As part of the company's monthly security update, it disclosed 54 vulnerabilities, 11 of which are rated "critical." There is also a critical advisory covering security updates to Adobe Flash Player. For more information on these vulnerabilities, read Talos' full blog post here.

Friday, November 9, 2018

Critical Snort rule update for Adobe ColdFusion

Just released:
Snort Subscriber Rule Set Update for Nov. 9, 2018

Cisco Talos just released a critical SNORTⓇ rule release that provides coverage for a vulnerability in Adobe ColdFusion. Attackers are targeting unpatched versions of the web development platform by exploiting CVE-2018-15961.

Thursday, November 8, 2018

Snort rule update for Nov. 8, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 8, 2018

We welcome the introduction of the newest rule release from Talos. In this release, we introduced 60 new rules, four of which are shared object rules. There are also three modified rules, of which one is a shared object rule.

This update contains coverage for the recently discovered GreyEnergy malware, which is believed to be the successor to the BlackEnergy attack.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-other, indicator-obfuscation, malware-cnc, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.

Tuesday, November 6, 2018

Snort rule update for Nov. 6, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 6, 2018

The newest SNORTⓇ rule release is here courtesy of Cisco Talos. In this release, we introduced 29 new rules, two of which are shared object rules. There are also five modified rules.

Thursday, November 1, 2018

Snort rule update for Nov. 1, 2018

Just released:
Snort Subscriber Rule Set Update for Nov. 1, 2018

The newest SNORTⓇ ruleset is here from Cisco Talos. In this release, we introduced five new rules, of which two are shared object rules. There are also 17 modified rules, none of which are shared object rules.

Tuesday, October 30, 2018

Snort rule update for Oct. 30, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 30, 2018

The newest SNORTⓇ rule release from Cisco Talos is here with 10 new rules, five of which are shared object rules. There are also two modified rules, of which one is a shared object rule.

Thursday, October 25, 2018

Snort rule update for Oct. 25, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 25, 2018

The newest SNORTⓇ rule release from Cisco Talos is here. In this release, we introduced 19 new rules, two of which are shared object rules. There are also two modified shared object rules.

This release provides coverage for an out-of-bounds write flaw in the processing of Vorbis audio data, as well as a vulnerability in the Simple Network Management Protocol input packet processor of Cisco NX-OS Software.

Tuesday, October 23, 2018

Snort rule update for Oct. 23, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 23, 2018

Cisco Talos welcomes the newest SNORTⓇ rule release. In this release, we introduced 11 new rules, four of which are shared object rules. There are also two modified rules, none of which are shared object rules.

Thursday, October 18, 2018

Snort rule update for Oct. 18, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 18, 2018

The newest SNORTⓇ rule release is here from Cisco Talos. In this release, we introduced 31 new rules, three of which are shared object rules. There are also five modified rules, of which three are shared object rules.

Tuesday, October 16, 2018

Snort rule update for Oct. 16, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 16, 2018

Cisco Talos just released the newest rule set for SNORTⓇ. In this release, we introduced 31 new rules, none of which are shared object rules. There are also 30 modified rules.

Thursday, October 11, 2018

Snort 2.9.12.0 has been released

Please join us as we welcome SNORTⓇ 2.9.12.0 to the family!

Some release notes on this latest version:

New Additions

  • Parsing HTTP CONNECT to extract the tunnel IP and port information.
  • Alerting and dechunking for chunked encoding in HTTP1.0 request and response.
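Both items above, as an added worked illustration (my own code, not Snort's): a minimal HTTP inspector that pulls the tunnel host and port out of a CONNECT request line, and that decodes chunked bodies while raising an alert when chunked transfer coding appears on an HTTP/1.0 message. The sample messages are constructed for the demo.

```python
"""Added illustration of the Snort 2.9.12.0 release-note items (not Snort code):
CONNECT tunnel extraction and HTTP/1.0 chunked-encoding alerting/dechunking."""
import re
from typing import Dict, Optional, Tuple

# CONNECT request-line: "CONNECT host:port HTTP/x.y" (authority-form target)
CONNECT_RE = re.compile(rb"^CONNECT[ \t]+(?P<auth>\S+)[ \t]+HTTP/\d\.\d\r?\n")


class ChunkError(ValueError):
    """Raised when a chunked body is malformed or truncated."""


def parse_connect(request: bytes) -> Optional[Tuple[str, int]]:
    """Return (host, port) for a CONNECT request line, or None if absent/malformed.
    Bracketed IPv6 literals ("[2001:db8::1]:443") are handled."""
    m = CONNECT_RE.match(request)
    if not m:
        return None
    auth = m.group("auth").decode("ascii", "replace")
    if auth.startswith("["):
        end = auth.find("]")
        if end < 0 or not auth[end + 1:].startswith(":"):
            return None
        host, port_s = auth[1:end], auth[end + 2:]
    else:
        host, sep, port_s = auth.rpartition(":")
        if not sep or not host:
            return None
    if not port_s.isdigit() or not 0 < int(port_s) <= 65535:
        return None
    return host, int(port_s)


def dechunk(body: bytes) -> bytes:
    """Decode a chunked transfer-coded body into the original payload.
    Chunk extensions (";name=value") are dropped; trailers are ignored."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkError("truncated chunk-size line")
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        if not size_field or any(c not in b"0123456789abcdefABCDEF" for c in size_field):
            raise ChunkError("bad chunk size %r" % size_field)
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)  # last-chunk reached
        if pos + size + 2 > len(body):
            raise ChunkError("truncated chunk data")
        out += body[pos:pos + size]
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkError("missing CRLF after chunk data")
        pos += size + 2


def inspect_http(msg: bytes) -> Dict[str, object]:
    """Inspect one HTTP message; return alerts, tunnel target, version and body."""
    head, sep, body = msg.partition(b"\r\n\r\n")
    if not sep:
        return {"alerts": ["no header terminator"], "tunnel": None,
                "version": None, "body": b""}
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    # requests end the start line with HTTP/x.y, responses begin with it
    m = re.search(rb"HTTP/(\d)\.(\d)", lines[0])
    version = (int(m.group(1)), int(m.group(2))) if m else None
    alerts = []
    tunnel = parse_connect(msg)
    if lines[0].startswith(b"CONNECT") and tunnel is None:
        alerts.append("malformed CONNECT authority")
    chunked = b"chunked" in headers.get(b"transfer-encoding", b"").lower()
    if chunked:
        if version == (1, 0):
            # chunked coding is an HTTP/1.1 feature; on 1.0 it is a mismatch worth flagging
            alerts.append("chunked transfer coding on HTTP/1.0 message")
        try:
            body = dechunk(body)
        except ChunkError as exc:
            alerts.append("chunk decode error: %s" % exc)
    return {"alerts": alerts, "tunnel": tunnel, "version": version, "body": body}


# Constructed sample traffic for the demo (not captured data).
SAMPLES = [
    b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    b"CONNECT [2001:db8::1]:8443 HTTP/1.1\r\n\r\n",
    b"POST /upload HTTP/1.0\r\nTransfer-Encoding: chunked\r\n\r\n"
    b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_http(sample))
```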

Snort 2.9.11.0 end of life warning

SNORTⓇ subscribers, as many of you may have noticed, we've been keeping Snort version releases around a lot longer over the past couple of years.

We are currently working on revising our end of life (EOL) policy to take into account a mix of time and market share. Essentially, we will begin to shut down versions of Snort that make up less than 10 percent of our downloads or have been around for five years, whichever comes first. More details will be released about this soon.

Snort rule update for Oct. 11, 2018


Just released:
Snort Subscriber Rule Set Update for Oct. 11, 2018

Today, Cisco Talos released the newest rule update for SNORTⓇ. In this release, we introduced 67 new rules, none of which are shared object rules. There are also four modified rules.

This release contains coverage for several Adobe vulnerabilities, including bugs in Flash Player, Acrobat and Reader.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, deleted, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, os-linux, os-other, os-windows, protocol-dns, pua-adware, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Tuesday, October 9, 2018

Snort rule update for Oct. 9 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for Oct. 9, 2018

The newest SNORTⓇ rule set from Cisco Talos is here, covering the numerous vulnerabilities disclosed as part of Microsoft Patch Tuesday.

In this release, we introduced 29 new rules, of which four are shared object rules. There are no modified rules.

If you would like to know more about the monthly security update from Microsoft, visit the Talos blog here.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Microsoft Vulnerability CVE-2010-3190: A coding deficiency exists in MFC that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 18619 through 18623 and 18625 through 18629.

Microsoft Vulnerability CVE-2018-8333: A coding deficiency exists in Microsoft Filter Manager that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48055 through 48056.

Microsoft Vulnerability CVE-2018-8411: A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48057 through 48058.

Microsoft Vulnerability CVE-2018-8413: A coding deficiency exists in Microsoft Windows Theme API that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48059 through 48060.

Microsoft Vulnerability CVE-2018-8423: A coding deficiency exists in Microsoft JET Database Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 47885 through 47888.

Microsoft Vulnerability CVE-2018-8453: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48072 through 48073.

Microsoft Vulnerability CVE-2018-8460: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48045 through 48046.

Microsoft Vulnerability CVE-2018-8486: A coding deficiency exists in DirectX Graphics Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48047 through 48048.

Microsoft Vulnerability CVE-2018-8491: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48049 through 48050.

Microsoft Vulnerability CVE-2018-8492: A coding deficiency exists in Microsoft Device Guard that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48062 through 48063.

Microsoft Vulnerability CVE-2018-8495: A coding deficiency exists in Microsoft Windows Shell that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48053 through 48054.

Microsoft Vulnerability CVE-2018-8505: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 48051 through 48052.

Talos also has added and modified multiple rules in the browser-ie, file-executable, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Thursday, October 4, 2018

Snort rule blog post for Oct. 4, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 4, 2018

Cisco Talos just released the newest SNORTⓇ rule set. In this release, we introduced 46 new rules, three of which are shared object rules. There are also 22 modified rules.

This release covers additional Adobe Acrobat and Reader vulnerabilities that were disclosed on Oct. 1. The Snort rule release from earlier this week also addressed some of these bugs. Talos specifically discovered CVE-2018-12852, a remote code execution flaw in Acrobat that could allow an attacker to manipulate the victim machine's memory and execute code.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-multimedia, file-other, file-pdf, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Tuesday, October 2, 2018

Snort rule update for Oct. 2, 2018


Just released:
Snort Subscriber Rule Set Update for Oct. 2, 2018

Today, Cisco Talos released the newest SNORTⓇ rule update. In this release, we introduced 79 new rules, none of which are shared object rules. There are also 22 modified rules.

This release mainly covers more than 80 vulnerabilities that Adobe recently disclosed in its Acrobat and Reader products. An attacker could exploit these bugs to execute code in the context of the current user.

Thursday, September 27, 2018

Snort rule update for Sept. 27, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 27, 2018

Today, Cisco Talos released the newest rule update for SNORTⓇ. In this release, we introduced 27 new rules, of which six are shared object rules. There are no modified rules in this update.

This release provides coverage for multiple important vulnerabilities in Cisco IOS XE, as well as a new malware variant from the OilRig APT that has been spotted targeting governments in the Middle East. Our rules block any outbound connections that the malware tries to make.

Tuesday, September 25, 2018

Snort rule update for Sept. 25, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 25, 2018

Today, Cisco Talos released the newest rule update for SNORTⓇ. In this release, we introduced 13 new rules, of which one is a shared object rule. There is also one modified rule.

This release covers vulnerabilities in the Microsoft JET Database Engine, as well as Adobe Acrobat Reader.

Thursday, September 20, 2018

Snort rule update for Sept. 20, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 20, 2018

Tonight, Cisco Talos has released the latest SNORTⓇ rule update. In this release, we introduced 20 new rules, two of which are shared object rules. There are also four modified rules, none of which are shared object rules.

This release protects against a variety of malware, including the newly discovered Xbash malware, which combines the features of a cryptocurrency miner and ransomware. We also have coverage for three vulnerabilities in Cisco's Webex software that could allow an attacker to execute arbitrary code on a victim machine.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-other, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Wednesday, September 19, 2018

Snort rule update for Sept. 19, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 19, 2018

We welcome the introduction of the newest rule release from Talos. In this release, we introduced eight new rules, none of which are shared object rules. There are also seven modified rules.

This rule release primarily covers vulnerabilities that were recently disclosed in Adobe Acrobat and Reader. The two products contain a series of critical and important bugs that could allow an attacker to execute code on the victim machine with the same rights as the current user.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Tuesday, September 18, 2018

Snort rule update for Sept. 18, 2018


Just released:
Snort Subscriber Rule Set Update for Sept. 18, 2018

The newest Snort rule release was published this morning by Cisco Talos. In this release, we introduced 37 new rules, three of which are shared object rules. There are also 2,155 modified rules, none of which are shared object rules.

This release provides coverage for multiple bugs in Adobe ColdFusion and Flash Player, as well as the malware families njrat and DownloadGuide.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, netbios, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-tftp, protocol-voip, pua-adware, pua-toolbars, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Thursday, September 13, 2018

Snort rule update for Sept. 13, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 13, 2018

Today, we welcome the newest rule release from Talos. In this release, we introduced 48 new rules, six of which are shared object rules. There are also 501 modified rules, none of which are shared object rules.

This update provides coverage for CVE-2018-8475, a coding deficiency in Microsoft Windows that could allow an attacker to execute code on the victim machine.

There are also rules addressing multiple vulnerabilities in Adobe Flash Player and Adobe ColdFusion, including two critical bugs.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos also has added and modified multiple rules in the app-detect, browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, deleted, file-flash, file-image, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Tuesday, September 11, 2018

Snort rule update for Sept. 11, 2018 — Microsoft Patch Tuesday

Just released:
SNORTⓇ Subscriber Rule Set Update for Sept. 11, 2018

Today, we welcome the introduction of the newest rule release from Talos. In this release, we introduced 46 new rules, 20 of which are shared object rules. There are also eight modified rules, of which four are shared object rules.

This release covers Microsoft Patch Tuesday. The monthly security update from Microsoft disclosed dozens of vulnerabilities across multiple products, including the Internet Explorer and Edge web browsers, as well as the Chakra scripting engine. If you would like to know more about these vulnerabilities, check out Talos' full blog post on Patch Tuesday here.

Our rule update also adds new protections against the MysteryBot malware, a family that's been spotted on Android platforms.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser: 47723

Talos's rule release: Talos is aware of vulnerabilities affecting products from Microsoft Corporation.
Microsoft Vulnerability CVE-2018-8367: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47734 through 47735.

Microsoft Vulnerability CVE-2018-8391: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47736 through 47737.

Microsoft Vulnerability CVE-2018-8410: A coding deficiency exists in Microsoft Windows Registry that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47745 through 47746.

Microsoft Vulnerability CVE-2018-8420: A coding deficiency exists in MS XML that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47747 through 47748.

Microsoft Vulnerability CVE-2018-8440: A coding deficiency exists in Microsoft Windows ALPC that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 47702 through 47703.

Microsoft Vulnerability CVE-2018-8442: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47717 through 47718.

Microsoft Vulnerability CVE-2018-8447: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47730 through 47731.

Microsoft Vulnerability CVE-2018-8449: A coding deficiency exists in Microsoft Device Guard that may lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47740 through 47741.

Microsoft Vulnerability CVE-2018-8456: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45142 through 45143.

Microsoft Vulnerability CVE-2018-8459: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47732 through 47733.

Microsoft Vulnerability CVE-2018-8461: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47738 through 47739.

Microsoft Vulnerability CVE-2018-8464: A coding deficiency exists in Microsoft Edge PDF that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 42311 through 42312.

Microsoft Vulnerability CVE-2018-8466: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8467: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 47742 through 47743.

Microsoft Vulnerability CVE-2018-8470: A coding deficiency exists in Microsoft Internet Explorer that may lead to a security feature bypass.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 47761.

Talos also has added and modified multiple rules in the browser-ie, file-office, file-other, file-pdf, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats.


Thursday, September 6, 2018

Snort rule update for Sept. 6, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 6, 2018

Today, Cisco Talos released the newest rule set for SNORTⓇ. In this release, we introduced 21 new rules, of which 11 are Shared Object rules. There is also one modified rule.

In this release, there is plenty of coverage for a slew of vulnerabilities that Cisco revealed this week, including flaws in Cisco Umbrella's API and the RV series of wireless routers.

There were no changes made to the snort.conf in this release.

Talos's rule release:
  • New SO rules: 11 
  • New Rules: 10 
  • Modified Rules: 1

Tuesday, September 4, 2018

Snort rule update for Sept. 4, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 4, 2018.

We welcome the introduction of the newest rule release from Talos. In this release, we introduced 11 new rules, of which one is a Shared Object rule. There are also 32 modified rules.

We continue to provide coverage for a slew of Adobe vulnerabilities that were disclosed in mid-August. There are also several rules that cover critical flaws in Apache Struts 2, many of which impact Cisco products.

There were no changes made to the snort.conf in this release.

Talos's rule release:
  • New SO rules: 1
  • Modified SO rules: 0
  • New Rules: 10
  • Modified Rules: 32

Thursday, August 30, 2018

Snort rule update for Aug. 30, 2018


Just released:
Snort Subscriber Rule Set Update for Aug. 30, 2018

We know everyone is still buzzing about the announcement yesterday that Snort 3 is now in beta, but the protection of our users still comes first, so as always, we have the new rule update for Snort here.

In this release, we introduced 16 new rules, of which four are Shared Object rules. There are also two modified rules.

This release covers several vulnerabilities in Cisco products, including TelePresence. We are also continuing development of new rules for the slew of Adobe vulnerabilities that have been disclosed over the past few weeks.

There were no changes made to the snort.conf in this release.

Cisco Talos's rule release:

  • New SO rules: 4
  • New Rules: 14
  • Modified Rules: 2


Wednesday, August 29, 2018

Snort 3 beta available now!

We know our customers and community members have been waiting a while for this — so we are thrilled to announce that Snort 3 (build 247) is available in beta now. Snort 3 is a redesign of Snort 2 with a number of significant improvements.

Here are some highlights you should know about before downloading:
  • Configuration — We use LuaJIT for configuration. The config syntax is simple, consistent, and executable. LuaJIT plugins for rule options and loggers are supported, too.
  • Detection — We have worked closely with Cisco Talos to update rules to meet their needs, including a feature they call "sticky buffers." With the use of the Hyperscan search engine, regex fast patterns make rules faster and more accurate.
  • HTTP — We have a new and stateful HTTP inspector that currently handles 99 percent of the HTTP Evader cases, and will soon cover all of them. There are many new features, as well, including new rule options. HTTP/2 support is under development.
  • Performance — We have substantially increased performance for deep packet inspection.  Snort 3 supports multiple packet-processing threads, and scales linearly with a much smaller amount of memory required for shared configs, like rule engines.
  • JSON event logging — These can be used to integrate with tools such as the Elastic Stack.  See this blog post for more details.
  • Plugins — Snort 3 was designed to be extensible, and there are over 225 plugins of various types. It is easy to add your own codec, inspector, rule action, rule option, or logger. SO rules are plugins, too, and it is much easier to add your own.
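An added example of the JSON event logging mentioned above, written for this page rather than taken from the Snort 3 project: it reads alert_json output one object per line and flattens each event into the fields a SIEM such as the Elastic Stack would key on. The three event lines are constructed for the illustration; they follow the default alert_json field set as assumed here (timestamp, pkt_num, proto, pkt_gen, pkt_len, dir, src_ap, dst_ap, rule, action, plus the optional msg), and the ECS-style output names are a convention chosen for this example, not something Snort emits.

```python
"""Flatten Snort 3 alert_json lines for a SIEM.

Added example, not Snort project code. SAMPLE_EVENTS is constructed input in
the assumed shape of alert_json output: one JSON object per line, src_ap and
dst_ap as "address:port", rule as "gid:sid:rev". One deliberately broken line
is included to show that non-JSON input is skipped rather than crashing the
pipeline.
"""
import json

SAMPLE_EVENTS = """\
{"timestamp": "08/29-10:15:02.113456", "pkt_num": 17, "proto": "TCP", "pkt_gen": "raw", "pkt_len": 583, "dir": "C2S", "src_ap": "10.0.0.5:49152", "dst_ap": "93.184.216.34:80", "rule": "1:47490:1", "action": "allow", "msg": "BROWSER-IE placeholder"}
{"timestamp": "08/29-10:15:03.000001", "pkt_num": 18, "proto": "TCP", "pkt_gen": "raw", "pkt_len": 120, "dir": "S2C", "src_ap": "2001:db8::1:443", "dst_ap": "10.0.0.5:49153", "rule": "1:47490:1", "action": "allow", "msg": "BROWSER-IE placeholder"}
this line is not JSON and must be skipped
{"timestamp": "08/29-10:15:04.500000", "pkt_num": 19, "proto": "UDP", "pkt_gen": "raw", "pkt_len": 77, "dir": "C2S", "src_ap": "10.0.0.7:5353", "dst_ap": "10.0.0.1:53", "rule": "1:47338:2", "action": "allow"}
"""


def split_ap(ap):
    """Split an 'address:port' string on the LAST colon so IPv6 addresses survive."""
    addr, _, port = ap.rpartition(":")
    return addr, int(port)


def normalize(event):
    """Flatten one alert_json object into ECS-style fields (names chosen here)."""
    gid, sid, rev = (int(x) for x in event["rule"].split(":"))
    src_ip, src_port = split_ap(event["src_ap"])
    dst_ip, dst_port = split_ap(event["dst_ap"])
    return {
        "@timestamp": event["timestamp"],
        "network.transport": event["proto"].lower(),
        "network.direction": event["dir"],
        "source.ip": src_ip,
        "source.port": src_port,
        "destination.ip": dst_ip,
        "destination.port": dst_port,
        "rule.id": f"{gid}:{sid}",
        "rule.version": rev,
        "rule.name": event.get("msg", ""),  # msg is an optional alert_json field
        "event.action": event["action"],
    }


def parse_events(text):
    """Parse line-delimited JSON, dropping blank lines and anything that is not an event."""
    docs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or corrupt line must not stop ingestion
        if isinstance(obj, dict) and "rule" in obj:
            docs.append(normalize(obj))
    return docs


def count_by_rule(docs):
    """Alert volume per gid:sid, the first thing to look at after a rule update."""
    counts = {}
    for d in docs:
        counts[d["rule.id"]] = counts.get(d["rule.id"], 0) + 1
    return counts


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for doc in events:
        print(json.dumps(doc))
    print(count_by_rule(events))
```

The one detail worth keeping from this is the rpartition in split_ap: splitting "address:port" on the first colon works for IPv4 only and silently mangles IPv6 sources, which is exactly the kind of field-mapping bug that surfaces as missing hits in a SIEM search.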
You can get Snort 3 from snort.org or from GitHub.

These packages / repositories are available:
  • snort3 — The main engine source code and plugins
  • snort3_extra — Other experimental and example plugins
  • snort3_demo — A test suite with working examples
We push updates to GitHub multiple times per week, and the master branch is always stable.

In addition to the cool new features, Snort 3 also supports all the capabilities of Snort 2.9.11, but we aren't done. Coming soon, we have:
  • Next generation DAQ
  • Connection events
  • Search engine acceleration
  • ... and much more.
Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team

Tuesday, August 28, 2018

Snort Rule Update for Aug. 28, 2018

Cisco Talos has just released the new Snort Rule update for Aug. 28, 2018.

In this release, we introduced 31 new rules, two of which are Shared Object rules. There were no rule modifications in this release.

The new rules provide additional coverage for several critical vulnerabilities in Adobe Reader that could allow an attacker to arbitrarily execute code on a victim machine. There is also protection against the recently discovered Marap malware, which has been spotted in the wild targeting financial institutions.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

PT Security — 47567 and 47427

Yaser — 47639, 47640 and 47650

Talos's rule release:

  • New SO rules: 2
  • New Rules: 29


Thursday, August 23, 2018

Snort Rule update for Aug. 23, 2018

Cisco Talos has just released the new Snort Rule update for Aug. 23, 2018.

In this release, we introduced one new rule and made modifications to three additional rules. We continue to protect users against several different vulnerabilities in Adobe products, including Acrobat Reader and Pro.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser — 47627

Talos's rule release:

  • New SO rules: 0 
  • Modified SO Rules: 0 
  • New Rules: 1 
  • Modified Rules: 3

Tuesday, August 21, 2018

Snort Rule Update for Aug. 21, 2018

Just released:
Snort Subscriber Rule Set Update for Aug. 21, 2018

We welcome the introduction of the newest rule release from Talos. In this release, we introduced 40 new rules, of which four are Shared Object rules. There are also seven modifications to rules, of which two are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

  • New SO rules: 4
  • Modified SO Rules: 2
  • New Rules: 36
  • Modified Rules: 7


Thursday, August 16, 2018

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content. This release, build 303, includes:
  • A total of 2,828 detectors.
  • Additional detectors contributed by the open source community. For details on which contributions were included, see the AUTHORS file in this package.

The update is available now from our downloads page. We look forward to you using the new features of the 2.9.11.0 OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content.  Please visit the mailing lists page to sign up.

New Snort Subscriber Rule Set for Aug. 16, 2018


Just released:
Snort Subscriber Rule Set Update for Aug. 16, 2018

The newest rule release from Talos was released this morning. In this release, we introduced 47 new rules, three of which are shared object rules, and made modifications to five additional rules, none of which are shared object rules.

There are several notable new rules in this release, including coverage for multiple "important" bugs in Adobe Flash Player (rules 47529 - 47535, 45768 and 45769). There are also new protections against the Plead malware family, a remotely controlled backdoor (rules 47566 and 47567).

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser: 47556 and 47557

Talos's rule release:

  • New SO rules: 3
  • Modified SO Rules: 0
  • New Rules: 44
  • Modified Rules: 5


Tuesday, August 14, 2018

Snort Subscriber Rule Set Update for 08/14/2018, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 08/14/2018

We welcome the introduction of the newest rule release from Talos. In this release, we introduced 55 new rules, six of which are Shared Object rules, and made modifications to 10 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47490 through 47491.

Microsoft Vulnerability CVE-2018-8344:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47519 through 47520.

Microsoft Vulnerability CVE-2018-8345:
A coding deficiency exists in Microsoft LNK that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47476 through 47477.

Microsoft Vulnerability CVE-2018-8353:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45877 through 45878.

Microsoft Vulnerability CVE-2018-8355:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47492 through 47493.

Microsoft Vulnerability CVE-2018-8371:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8372:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47478 through 47479.

Microsoft Vulnerability CVE-2018-8376:
A coding deficiency exists in Microsoft PowerPoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47482 through 47483.

Microsoft Vulnerability CVE-2018-8379:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47495 through 47496.

Microsoft Vulnerability CVE-2018-8383:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47474 through 47475.

Microsoft Vulnerability CVE-2018-8384:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47480 through 47481.

Microsoft Vulnerability CVE-2018-8387:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47486 through 47487.

Microsoft Vulnerability CVE-2018-8389:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47484 through 47485.

Microsoft Vulnerability CVE-2018-8401:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47517 through 47518.

Microsoft Vulnerability CVE-2018-8403:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47488 through 47489.

Microsoft Vulnerability CVE-2018-8404:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47503 through 47504.

Microsoft Vulnerability CVE-2018-8405:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47515 through 47516.

Microsoft Vulnerability CVE-2018-8406:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47512 through 47513.

Microsoft Vulnerability CVE-2018-8414:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46999 through 47002.

Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-office, file-other, indicator-compromise,
malware-cnc, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.



Thursday, August 9, 2018

Snort Subscriber Rule Set Update for 08/09/2018

Just released:
Snort Subscriber Rule Set Update for 08/09/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 16 new rules, none of which are Shared Object rules, and made modifications to 11 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-plugins, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, August 7, 2018

Snort Subscriber Rule Set Update for 08/07/2018

Just released:
Snort Subscriber Rule Set Update for 08/07/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 30 new rules, 10 of which are Shared Object rules, and made modifications to 13 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-other, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Friday, August 3, 2018

Snort Subscriber Rule Set Update for 08/03/2018

Just released:
Snort Subscriber Rule Set Update for 08/03/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced one new rule, which is not a Shared Object rule, and made modifications to four additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Microsoft Vulnerability CVE-2018-8414: A coding deficiency exists in Microsoft Windows OS that may lead to remote code execution with minimal to no user interaction. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46999 through 47002.

Talos also has added and modified multiple rules in the malware-cnc rule set to provide coverage for emerging threats from these technologies.



Thursday, August 2, 2018

Snort Subscriber Rule Set Update for 08/02/2018

Just released:
Snort Subscriber Rule Set Update for 08/02/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 14 new rules, one of which is a Shared Object rule, and made modifications to two additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-other, malware-cnc, policy-other, protocol-voip, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 31, 2018

Snort Subscriber Rule Set Update for 07/31/2018

Just released:
Snort Subscriber Rule Set Update for 07/31/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 46 new rules, 12 of which are Shared Object rules, and made modifications to 12 additional rules, two of which are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 47386, 47387, 47388, 47389, 47390, 47414 and 47415



Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, July 26, 2018

Snort Subscriber Rule Set Update for 07/26/2018

Just released:
Snort Subscriber Rule Set Update for 07/26/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 27 new rules, five of which are Shared Object rules, and made modifications to eight additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Volexity: 47320


Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 24, 2018

Snort Subscriber Rule Set Update for 07/24/2018

Just released:
Snort Subscriber Rule Set Update for 07/24/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 45 new rules, four of which are Shared Object rules, and made modifications to 10 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 47338


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-executable, file-image, file-office, file-other, file-pdf, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.



Friday, July 20, 2018

Snort Subscriber Rule Set Update for 07/19/2018

Just released:
Snort Subscriber Rule Set Update for 07/19/2018

We welcome the introduction of the newest rule release from Talos. In this release, we introduced 59 new rules, six of which are Shared Object rules, and made modifications to three additional rules, one of which is a Shared Object rule.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, file-pdf, malware-cnc, malware-other, os-other, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 17, 2018

Snort Subscriber Rule Set Update for 07/17/2018

Just released:
Snort Subscriber Rule Set Update for 07/17/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 65 new rules, one of which is a Shared Object rule, and made modifications to 13 additional rules, two of which are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, July 12, 2018

Snort Subscriber Rule Set Update for 07/12/2018

Just released:
Snort Subscriber Rule Set Update for 07/12/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 26 new rules, one of which is a Shared Object rule, and made modifications to 16 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-image, file-other, file-pdf, indicator-obfuscation, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 10, 2018

Snort Subscriber Rule Set Update for 07/10/2018, Microsoft Tuesday

Just released:
Snort Subscriber Rule Set Update for 07/10/2018, Microsoft


We welcome the introduction of the newest rule release from Talos. In this release, we introduced 26 new rules, one of which is a Shared Object rule, and made modifications to 13 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 47093, 47094 and 47095


Talos's rule release:
Details:
Microsoft Vulnerability CVE-2018-0949:
Microsoft Internet Explorer suffers from programming errors that may
lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47091 through 47092.

Microsoft Vulnerability CVE-2018-8125:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47117 through 47118.

Microsoft Vulnerability CVE-2018-8242:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8262:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47113 through 47114.

Microsoft Vulnerability CVE-2018-8274:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47107 through 47108.

Microsoft Vulnerability CVE-2018-8275:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47100 through 47101.

Microsoft Vulnerability CVE-2018-8278:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47119 through 47120.

Microsoft Vulnerability CVE-2018-8279:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47098 through 47099.

Microsoft Vulnerability CVE-2018-8282:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47096 through 47097.

Microsoft Vulnerability CVE-2018-8283:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47121 through 47122.

Microsoft Vulnerability CVE-2018-8288:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8289:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47111 through 47112.

Microsoft Vulnerability CVE-2018-8291:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47109 through 47110.

Microsoft Vulnerability CVE-2018-8296:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8297:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8298:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47102 through 47103.

Microsoft Vulnerability CVE-2018-8324:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47141 through 47142.
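The Details blocks in this post and in the Aug. 14 post above list coverage the same way: a CVE, then either "Rules to detect attacks ... are included in this release" (new detection) or "Previously released rules will detect attacks ... updated with the appropriate reference information" (existing detection that only gained reference metadata), followed by a GID and an inclusive SID range. After pulling a release, the practical question is whether every SID the advisory names is actually present and enabled in the deployed rules. The script below is an added example written for this page, not Talos or Snort tooling: it parses that advisory text into CVE-to-SID mappings and reports each SID as enabled, disabled (commented out with a leading '#') or missing. ADVISORY is the CVE-2018-8266 and CVE-2018-8353 entries from the Aug. 14 post in the same format; RULES is a constructed rules excerpt whose rule bodies are placeholders, with only the sid values and the leading '#' carrying meaning.

```python
"""Check a Talos rule-release advisory against a local Snort rules file.

Added example for this page; it is not Talos or Snort tooling. ADVISORY is
the CVE-2018-8266 and CVE-2018-8353 entries in the format of the "Details:"
blocks on this page. RULES is a constructed rules excerpt: the rule bodies
are placeholders, only the sid values and the leading '#' (disabled) matter.
"""
import re
from dataclasses import dataclass, field

ADVISORY = """\
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47490 through 47491.

Microsoft Vulnerability CVE-2018-8353:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45877 through 45878.
"""

RULES = """\
# constructed excerpt, not Talos rule content; a leading '#' disables a rule
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE placeholder A"; flow:to_client,established; content:"A"; sid:47490; rev:1;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE placeholder B"; flow:to_client,established; content:"B"; sid:47491; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE placeholder C"; flow:to_client,established; content:"C"; sid:45877; rev:3;)
"""

# "Microsoft Vulnerability CVE-2018-8266:" headers
CVE_RE = re.compile(r"^Microsoft Vulnerability (CVE-\d{4}-\d{4,}):", re.M)
# "GID 1, SIDs 47490 through 47491" or a single "GID 1, SID 47338"
SID_RANGE_RE = re.compile(r"GID\s+(\d+),\s+SIDs?\s+(\d+)(?:\s+through\s+(\d+))?")
# one rule per line; group 1 is set when the rule is commented out (disabled)
RULE_RE = re.compile(r"^(#\s*)?(?:alert|drop|reject|pass|log)\b.*?\bsid\s*:\s*(\d+)\s*;", re.M)


@dataclass
class Coverage:
    cve: str
    gid: int
    sids: list
    status: str  # "new" detection, or "updated" (previously released, references only)
    enabled: list = field(default_factory=list)
    disabled: list = field(default_factory=list)
    missing: list = field(default_factory=list)


def parse_advisory(text):
    """Split the advisory on CVE headers and pull the GID/SID ranges out of each block."""
    entries = []
    headers = list(CVE_RE.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[h.end():end]
        # Talos marks coverage that pre-dates the release with this phrase; those
        # SIDs only gained reference metadata, not new detection logic.
        status = "updated" if "Previously released rules" in block else "new"
        for gid, lo, hi in SID_RANGE_RE.findall(block):
            lo, hi = int(lo), int(hi or lo)  # a single SID has no "through" part
            entries.append(Coverage(h.group(1), int(gid), list(range(lo, hi + 1)), status))
    return entries


def parse_rules(text):
    """Return {sid: enabled} for every rule line in a Snort rules file."""
    return {int(m.group(2)): m.group(1) is None for m in RULE_RE.finditer(text)}


def check_coverage(advisory_text, rules_text):
    """Classify every advisory SID as enabled, disabled or missing in the rules file."""
    rules = parse_rules(rules_text)
    results = parse_advisory(advisory_text)
    for cov in results:
        for sid in cov.sids:
            if sid not in rules:
                cov.missing.append(sid)
            elif rules[sid]:
                cov.enabled.append(sid)
            else:
                cov.disabled.append(sid)
    return results


def report(results):
    """One line per CVE; a non-empty missing or disabled list is the thing to act on."""
    return [
        f"{c.cve} ({c.status}, GID {c.gid}): enabled={c.enabled} "
        f"disabled={c.disabled} missing={c.missing}"
        for c in results
    ]


if __name__ == "__main__":
    for line in report(check_coverage(ADVISORY, RULES)):
        print(line)
```

Two points the output makes visible that the advisory text does not: a SID can be shipped in the release yet sit disabled in the local policy (47491 here), and an "updated" entry like CVE-2018-8353 promises nothing new, so a missing SID there (45878) means the sensor never had that coverage in the first place rather than that this update failed to apply.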



Thursday, July 5, 2018

Snort 3 Installation Documentation Updates for Ubuntu 14, 16 and 18 posted.



Noah Dietrich, a member of the community, has submitted this document for hosting on Snort.org. We would like to thank Mr. Dietrich for his efforts and dedication in writing this piece of documentation. If you have any questions about the documentation, please submit them to the author (Mr. Dietrich) or to the Snort.org Users mailing list.

As always, our documentation can be found at https://www.snort.org/documents

The link directly to the updated document provided by Mr. Dietrich can be found here.


Thank you again to Mr. Dietrich and the community for helping make this product and its documentation great.




Snort Subscriber Rule Set Update for 07/05/2018

Just released:
Snort Subscriber Rule Set Update for 07/05/2018


We welcome the introduction of the newest rule release from Talos. In this release, we introduced six new rules, none of which are Shared Object rules, and made modifications to 11 additional rules, none of which are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-executable, file-identify, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 3, 2018

Snort Subscriber Rule Set Update for 07/03/2018

Just released:
Snort Subscriber Rule Set Update for 07/03/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules, of which 2 are Shared Object rules, and made modifications to 4 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-office, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 28, 2018

Snort Subscriber Rule Set Update for 06/28/2018

Just released:
Snort Subscriber Rule Set Update for 06/28/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 32 new rules, of which 6 are Shared Object rules, and made modifications to 8 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-multimedia, file-office, file-other, indicator-compromise, malware-cnc, policy-other, server-other and sql rule sets to provide coverage for emerging threats from these technologies.



Tuesday, June 26, 2018

Snort Subscriber Rule Set Update for 06/26/2018

Just released:
Snort Subscriber Rule Set Update for 06/26/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules, of which 2 are Shared Object rules, and made modifications to 14 additional rules, of which 12 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-chrome, browser-ie, browser-other, browser-webkit, file-multimedia, file-office, indicator-compromise, malware-cnc, malware-other, os-windows, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 21, 2018

Snort Subscriber Rule Set Update for 06/21/2018

Just released:
Snort Subscriber Rule Set Update for 06/21/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 25 new rules, of which 14 are Shared Object rules, and made modifications to 4 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the indicator-compromise, malware-cnc, os-other, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Wednesday, June 20, 2018

Snort Subscriber Rule Set Update for 06/19/2018

Just released:
Snort Subscriber Rule Set Update for 06/19/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 15 new rules, of which 0 are Shared Object rules, and made modifications to 152 additional rules, of which 1 is a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46922
47005
47006


Talos's rule release:
Talos has added and modified multiple rules in the browser-chrome, exploit-kit, file-identify, file-office, file-other, indicator-compromise, malware-backdoor, malware-cnc, malware-other, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 14, 2018

Snort Subscriber Rule Set Update for 06/14/2018

Just released:
Snort Subscriber Rule Set Update for 06/14/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 12 new rules, of which 0 are Shared Object rules, and made modifications to 1 additional rule, which is not a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46969
46970

Talos's rule release:
Talos has added and modified multiple rules in the server-webapp rule set to provide coverage for emerging threats from these technologies.



Tuesday, June 12, 2018

Snort Subscriber Rule Set Update for 06/12/2018, Release 2

Just released:
Snort Subscriber Rule Set Update for 06/12/2018, Release 2


We welcome the introduction of the newest rule release from Talos. In this release we introduced 2 new rules, of which 0 are Shared Object rules, and made no modifications to existing rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Vulnerability CVE-2018-8214: A coding deficiency exists in Microsoft Windows Desktop Bridge that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46961 through 46962.



Snort Subscriber Rule Set Update for 06/12/2018, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 06/12/2018, MsTuesday


We welcome the introduction of the newest rule release from Talos. In this release we introduced 44 new rules, of which 0 are Shared Object rules, and made modifications to 9 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Vulnerability CVE-2018-0978: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46942 through 46943.

Microsoft Vulnerability CVE-2018-1036: A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46955 through 46956.

Microsoft Vulnerability CVE-2018-8110: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46927 through 46928.

Microsoft Vulnerability CVE-2018-8111: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46929 through 46930.

Microsoft Vulnerability CVE-2018-8169: A coding deficiency exists in HIDParser that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46957 through 46958.

Microsoft Vulnerability CVE-2018-8208: A coding deficiency exists in Microsoft Windows Desktop Bridge that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46953 through 46954.

Microsoft Vulnerability CVE-2018-8210: A coding deficiency exists in Microsoft Windows that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46055 through 46056 and 46058 through 46059.

Microsoft Vulnerability CVE-2018-8225: A coding deficiency exists in Microsoft Windows DNSAPI that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 46935.

Microsoft Vulnerability CVE-2018-8229: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46933 through 46934.

Microsoft Vulnerability CVE-2018-8233: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46938 through 46939.

Microsoft Vulnerability CVE-2018-8236: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

A previously released rule will detect attacks targeting these vulnerabilities and has been updated with the appropriate reference information. It is included in this release and is identified with GID 1, SID 45628.

Microsoft Vulnerability CVE-2018-8248: A coding deficiency exists in Microsoft Excel that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46940 through 46941.

Microsoft Vulnerability CVE-2018-8249: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46944 through 46945.

Microsoft Vulnerability CVE-2018-8251: A coding deficiency exists in Microsoft Media Foundation that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46947 through 46948.

Microsoft Vulnerability CVE-2018-8267: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46951 through 46952.

Talos also has added and modified multiple rules in the browser-ie, file-flash, file-office, file-other, indicator-compromise, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

