Thursday, August 16, 2018

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content. This release, build 303, includes:
  • A total of 2,828 detectors.
  • Additional detectors contributed by the open source community. For details on which contributions were included, see the AUTHORS file in this package.

The update is available now from our downloads page. We look forward to you downloading and using the new features of 2.9.11.0's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

New Snort Subscriber Rule Set for Aug. 16, 2018


Just released:
Snort Subscriber Rule Set Update for Aug. 16, 2018

The newest rule release from Talos was released this morning. In this release, we introduced 47 new rules, three of which are shared object rules, and made modifications to five additional rules, none of which are shared object rules.

There are several notable new rules in this release, including coverage for multiple "important" bugs in Adobe Flash Player (rules 47529 - 47535, 45768 and 45769). There are also new protections against the Plead malware family, a remotely controlled backdoor (rules 47566 and 47567).

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser: 47556 and 47557

Talos's rule release:

  • New SO rules: Three

  • No modified SO Rules

  • New Rules: 44

  • Modified Rules: Five
To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 U.S. a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats.

Tuesday, August 14, 2018

Snort Subscriber Rule Set Update for 08/14/2018, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 08/14/2018

We welcome the introduction of the newest rule release from Talos. In this release we introduced 55 new rules, of which 6 are Shared Object rules, and made modifications to 10 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47490 through 47491.

Microsoft Vulnerability CVE-2018-8344:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47519 through 47520.

Microsoft Vulnerability CVE-2018-8345:
A coding deficiency exists in Microsoft LNK that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47476 through 47477.

Microsoft Vulnerability CVE-2018-8353:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45877 through 45878.

Microsoft Vulnerability CVE-2018-8355:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47492 through 47493.

Microsoft Vulnerability CVE-2018-8371:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8372:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47478 through 47479.

Microsoft Vulnerability CVE-2018-8376:
A coding deficiency exists in Microsoft PowerPoint that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47482 through 47483.

Microsoft Vulnerability CVE-2018-8379:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47495 through 47496.

Microsoft Vulnerability CVE-2018-8383:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47474 through 47475.

Microsoft Vulnerability CVE-2018-8384:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47480 through 47481.

Microsoft Vulnerability CVE-2018-8387:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47486 through 47487.

Microsoft Vulnerability CVE-2018-8389:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47484 through 47485.

Microsoft Vulnerability CVE-2018-8401:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47517 through 47518.

Microsoft Vulnerability CVE-2018-8403:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47488 through 47489.

Microsoft Vulnerability CVE-2018-8404:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47503 through 47504.

Microsoft Vulnerability CVE-2018-8405:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47515 through 47516.

Microsoft Vulnerability CVE-2018-8406:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47512 through 47513.

Microsoft Vulnerability CVE-2018-8414:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46999 through 47002.

Talos has also added and modified multiple rules in the browser-ie,
file-executable, file-office, file-other, indicator-compromise,
malware-cnc, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.



Thursday, August 9, 2018

Snort Subscriber Rule Set Update for 08/09/2018

Just released:
Snort Subscriber Rule Set Update for 08/09/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules, of which 0 are Shared Object rules, and made modifications to 11 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-plugins, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, August 7, 2018

Snort Subscriber Rule Set Update for 08/07/2018

Just released:
Snort Subscriber Rule Set Update for 08/07/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 30 new rules, of which 10 are Shared Object rules, and made modifications to 13 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-other, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Friday, August 3, 2018

Snort Subscriber Rule Set Update for 08/03/2018

Just released:
Snort Subscriber Rule Set Update for 08/03/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 1 new rule, which is not a Shared Object rule, and made modifications to 4 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Microsoft Vulnerability CVE-2018-8414: A coding deficiency exists in Microsoft Windows OS that may lead to remote code execution with minimal to no user interaction. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information.

They are also included in this release and are identified with GID 1, SIDs 46999 through 47002. Talos has also added and modified multiple rules in the malware-cnc rule set to provide coverage for emerging threats from these technologies.



Thursday, August 2, 2018

Snort Subscriber Rule Set Update for 08/02/2018

Just released:
Snort Subscriber Rule Set Update for 08/02/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 14 new rules, of which 1 is a Shared Object rule, and made modifications to 2 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-other, malware-cnc, policy-other, protocol-voip, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 31, 2018

Snort Subscriber Rule Set Update for 07/31/2018

Just released:
Snort Subscriber Rule Set Update for 07/31/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 46 new rules, of which 12 are Shared Object rules, and made modifications to 12 additional rules, of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 47386, 47387, 47388, 47389, 47390, 47414 and 47415



Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, July 26, 2018

Snort Subscriber Rule Set Update for 07/26/2018

Just released:
Snort Subscriber Rule Set Update for 07/26/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules, of which 5 are Shared Object rules, and made modifications to 8 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Volexity: 47320


Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 24, 2018

Snort Subscriber Rule Set Update for 07/24/2018

Just released:
Snort Subscriber Rule Set Update for 07/24/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 45 new rules, of which 4 are Shared Object rules, and made modifications to 10 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 47338


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-executable, file-image, file-office, file-other, file-pdf, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.



Friday, July 20, 2018

Snort Subscriber Rule Set Update for 07/19/2018

Just released:
Snort Subscriber Rule Set Update for 07/19/2018

We welcome the introduction of the newest rule release from Talos. In this release we introduced 59 new rules, of which 6 are Shared Object rules, and made modifications to 3 additional rules, of which 1 is a Shared Object rule.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, file-pdf, malware-cnc, malware-other, os-other, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 17, 2018

Snort Subscriber Rule Set Update for 07/17/2018

Just released:
Snort Subscriber Rule Set Update for 07/17/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 65 new rules, of which 1 is a Shared Object rule, and made modifications to 13 additional rules, of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, July 12, 2018

Snort Subscriber Rule Set Update for 07/12/2018

Just released:
Snort Subscriber Rule Set Update for 07/12/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules, of which 1 is a Shared Object rule, and made modifications to 16 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-image, file-other, file-pdf, indicator-obfuscation, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 10, 2018

Snort Subscriber Rule Set Update for 07/10/2018, Microsoft Tuesday

Just released:
Snort Subscriber Rule Set Update for 07/10/2018, Microsoft


We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules, of which 1 is a Shared Object rule, and made modifications to 13 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 47093, 47094 and 47095


Talos's rule release:
Details:
Microsoft Vulnerability CVE-2018-0949:
Microsoft Internet Explorer suffers from programming errors that may
lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47091 through 47092.

Microsoft Vulnerability CVE-2018-8125:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47117 through 47118.

Microsoft Vulnerability CVE-2018-8242:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8262:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47113 through 47114.

Microsoft Vulnerability CVE-2018-8274:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47107 through 47108.

Microsoft Vulnerability CVE-2018-8275:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47100 through 47101.

Microsoft Vulnerability CVE-2018-8278:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47119 through 47120.

Microsoft Vulnerability CVE-2018-8279:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47098 through 47099.

Microsoft Vulnerability CVE-2018-8282:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47096 through 47097.

Microsoft Vulnerability CVE-2018-8283:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47121 through 47122.

Microsoft Vulnerability CVE-2018-8288:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8289:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47111 through 47112.

Microsoft Vulnerability CVE-2018-8291:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47109 through 47110.

Microsoft Vulnerability CVE-2018-8296:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8297:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8298:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47102 through 47103.

Microsoft Vulnerability CVE-2018-8324:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47141 through 47142.



Thursday, July 5, 2018

Snort 3 Installation Documentation Updates for Ubuntu 14, 16 and 18 posted.



Noah Dietrich, one of the members of the community, has submitted this document for hosting on Snort.org. We would like to thank Mr. Dietrich for his efforts and dedication in writing this piece of documentation. If you have any questions about the documentation, please direct them to the author (Mr. Dietrich) or to the Snort.org Users mailing list.

As always, our documentation can be found at https://www.snort.org/documents

The direct link to the updated doc provided by Mr. Dietrich can be found here.

Thank you again to Mr. Dietrich and the community for helping make this product and its documentation great.




Snort Subscriber Rule Set Update for 07/05/2018

Just released:
Snort Subscriber Rule Set Update for 07/05/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 6 new rules, of which 0 are Shared Object rules, and made modifications to 11 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-executable, file-identify, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, July 3, 2018

Snort Subscriber Rule Set Update for 07/03/2018

Just released:
Snort Subscriber Rule Set Update for 07/03/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules, of which 2 are Shared Object rules, and made modifications to 4 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-office, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 28, 2018

Snort Subscriber Rule Set Update for 06/28/2018

Just released:
Snort Subscriber Rule Set Update for 06/28/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 32 new rules, of which 6 are Shared Object rules, and made modifications to 8 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-multimedia, file-office, file-other, indicator-compromise, malware-cnc, policy-other, server-other and sql rule sets to provide coverage for emerging threats from these technologies.



Tuesday, June 26, 2018

Snort Subscriber Rule Set Update for 06/26/2018

Just released:
Snort Subscriber Rule Set Update for 06/26/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules, of which 2 are Shared Object rules, and made modifications to 14 additional rules, of which 12 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-chrome, browser-ie, browser-other, browser-webkit, file-multimedia, file-office, indicator-compromise, malware-cnc, malware-other, os-windows, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 21, 2018

Snort Subscriber Rule Set Update for 06/21/2018

Just released:
Snort Subscriber Rule Set Update for 06/21/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 25 new rules, of which 14 are Shared Object rules, and made modifications to 4 additional rules, of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the indicator-compromise, malware-cnc, os-other, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Wednesday, June 20, 2018

Snort Subscriber Rule Set Update for 06/19/2018

Just released:
Snort Subscriber Rule Set Update for 06/19/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 15 new rules, of which 0 are Shared Object rules, and made modifications to 152 additional rules, of which 1 is a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 46922, 47005 and 47006


Talos's rule release:
Talos has added and modified multiple rules in the browser-chrome, exploit-kit, file-identify, file-office, file-other, indicator-compromise, malware-backdoor, malware-cnc, malware-other, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Thursday, June 14, 2018

Snort Subscriber Rule Set Update for 06/14/2018

Just released:
Snort Subscriber Rule Set Update for 06/14/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 12 new rules, of which 0 are Shared Object rules, and made modifications to 1 additional rule, which is not a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46969
46970

Talos's rule release:
Talos has added and modified multiple rules in the server-webapp rule set to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Tuesday, June 12, 2018

Snort Subscriber Rule Set Update for 06/12/2018, Release 2

Just released:
Snort Subscriber Rule Set Update for 06/12/2018, Release 2


We welcome the introduction of the newest rule release from Talos. In this release we introduced 2 new rules of which 0 are Shared Object rules and made modifications to 0 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Vulnerability CVE-2018-8214: A coding deficiency exists in Microsoft Windows Desktop Bridge that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46961 through 46962.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Snort Subscriber Rule Set Update for 06/12/2018, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 06/12/2018, MsTuesday


We welcome the introduction of the newest rule release from Talos. In this release we introduced 44 new rules of which 0 are Shared Object rules and made modifications to 9 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Vulnerability CVE-2018-0978: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46942 through 46943.

Microsoft Vulnerability CVE-2018-1036: A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46955 through 46956.

Microsoft Vulnerability CVE-2018-8110: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46927 through 46928.

Microsoft Vulnerability CVE-2018-8111: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46929 through 46930.

Microsoft Vulnerability CVE-2018-8169: A coding deficiency exists in HIDParser that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46957 through 46958.

Microsoft Vulnerability CVE-2018-8208: A coding deficiency exists in Microsoft Windows Desktop Bridge that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46953 through 46954.

Microsoft Vulnerability CVE-2018-8210: A coding deficiency exists in Microsoft Windows that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46055 through 46056 and 46058 through 46059.

Microsoft Vulnerability CVE-2018-8225: A coding deficiency exists in Microsoft Windows DNSAPI that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 46935.

Microsoft Vulnerability CVE-2018-8229: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46933 through 46934.

Microsoft Vulnerability CVE-2018-8233: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46938 through 46939.

Microsoft Vulnerability CVE-2018-8236: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

A previously released rule will detect attacks targeting these vulnerabilities and has been updated with the appropriate reference information. It is included in this release and is identified with GID 1, SID 45628.

Microsoft Vulnerability CVE-2018-8248: A coding deficiency exists in Microsoft Excel that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46940 through 46941.

Microsoft Vulnerability CVE-2018-8249: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46944 through 46945.

Microsoft Vulnerability CVE-2018-8251: A coding deficiency exists in Microsoft Media Foundation that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46947 through 46948.

Microsoft Vulnerability CVE-2018-8267: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46951 through 46952.

Talos also has added and modified multiple rules in the browser-ie, file-flash, file-office, file-other, indicator-compromise, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Thursday, June 7, 2018

Snort Subscriber Rule Set Update for 06/07/2018

Just released:
Snort Subscriber Rule Set Update for 06/07/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 37 new rules of which 14 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46884
46885
46895


Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-other, browser-plugins, deleted, file-flash, file-multimedia, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Tuesday, June 5, 2018

Snort Subscriber Rule Set Update for 06/05/2018

Just released:
Snort Subscriber Rule Set Update for 06/05/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 24 new rules of which 9 are Shared Object rules and made modifications to 9 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

PTSecurity
46847

Yaser Mansour
46872
46873


Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-image, file-office, file-pdf, malware-cnc, os-other, policy-other, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Friday, June 1, 2018

2018 Snort Scholarship Winners

Snort® has selected David Jercinovic and Jared Nussbaum as the recipients of the 2018 Snort Scholarship. The scholarships, each worth $10,000, are awarded to university students who seek to further their education and gain hands-on experience in network security or related fields.

To qualify, applicants must be enrolled in a university that uses Snort to protect its network or uses Snort as part of the curriculum in the classroom. The scholarships assist the winning students in completing their degrees and covering educational costs. Snort selected David and Jared from a pool of Snort Scholarship applicants.

David graduated from Governors State University in May with his Bachelor of Science in Information Technology, summa cum laude. He will be attending the DePaul University College of Computing and Digital Media, pursuing his Master's in Network Engineering and Security.

Jared is a junior at the University of Massachusetts Amherst, where he is majoring in Computer Science. He is beginning his second summer as an intern for Raytheon IDS as part of their IT team.

To assist the winning students in completing their degrees, Snort has awarded each a $10,000 scholarship for educational costs at the students’ respective universities. 

Sourcefire, now a part of Cisco, developed the Snort Scholarship in 2004 as a way to give back to the open source and security communities. Since the inception of the Snort Scholarship program fourteen years ago, Sourcefire has recognized university students from around the world, including the United States, Australia, Turkey, Mexico, the Netherlands and Rwanda. 

Snort is the world’s most widely deployed intrusion detection and prevention technology with more than 400,000 registered users and over 5 million downloads to date.

Congratulations to our winners!

Thursday, May 31, 2018

Snort Subscriber Rule Set Update for 05/31/2018

Just released:
Snort Subscriber Rule Set Update for 05/31/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 20 new rules of which 6 are Shared Object rules and made modifications to 2 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-other, exploit-kit, file-office, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux, os-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Wednesday, May 30, 2018

Snort Subscriber Rule Set Update for 05/29/2018

Just released:
Snort Subscriber Rule Set Update for 05/29/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules of which 0 are Shared Object rules and made modifications to 2 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-other, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Snort 3 installation guide for Ubuntu 14, 16, & 17 has been posted!

Along with the other guides I just posted, I've also updated Noah Dietrich's guide for installing Snort 3 on Ubuntu 14, 16, & 17.

Snort 3 (and all Snort) setup guides can be found on our documentation page.

Thank you Noah!

Snort 3 installation guides for CentOS 7 and FreeBSD 11 have been published!

Thanks to one of our wonderful community members, Yaser Mansour, I've uploaded two new Snort 3 guides for CentOS 7 and FreeBSD 11.

Snort 3 (and all Snort) setup guides can be found on our documentation page.

Thank you Yaser!

Thursday, May 24, 2018

Snort Subscriber Rule Set Update for 05/24/2018

Just released:
Snort Subscriber Rule Set Update for 05/24/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 30 new rules of which 0 are Shared Object rules and made modifications to 79 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46665
46666
46747
46748
46817
46818
46819
46802
46803
46804
46805
46806

46378
46487
46488
46612
46611
46742
46763
46744
46421
46423
46416
46433
46434
46435
46436
46437
46438
46339


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, netbios, os-linux, os-windows, protocol-other, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Snort Subscriber Rule Set Update for 05/22/2018, VPNFilter

Just released:
Snort Subscriber Rule Set Update for 05/22/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 31 new rules of which 7 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

This release also provides coverage for the VPNFilter threat.



Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-ie, deleted, file-office, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Snort++ Github Changes

The Snort++ project has moved to an organization account on GitHub. Please update your remote to pull directly from the new repo:

    https://github.com/snort3/snort3.git

Note that the old remote will be forwarded to the new repo automatically until you switch over.

In addition, there are now two new repos:

    https://github.com/snort3/snort3_demo.git
    https://github.com/snort3/snort3_extra.git

The demo repo provides a BATS test suite to validate and demonstrate various use cases. It currently has over 50 tests and will continue to grow. It is also a great way to report bugs, with everything required for reproduction. If you have other use cases to contribute, please open a pull request.

The extra repo has the code that was in snort3/extra/.  It was split into a separate repo to make it easier to manage and completely optional.  This is a great place to add plugins you would like to contribute to the community.

Questions or suggestions about these repos should go to snort-devel@lists.snort.org.
Thursday, May 17, 2018

Snort Subscriber Rule Set Update for 05/17/2018

Just released:
Snort Subscriber Rule Set Update for 05/17/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules of which 6 are Shared Object rules and made modifications to 18 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-pdf, malware-backdoor, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Tuesday, May 15, 2018

Snort Subscriber Rule Set Update for 05/15/2018

Just released:
Snort Subscriber Rule Set Update for 05/15/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 97 new rules, of which 1 is a Shared Object rule, and made modifications to 12 additional rules, of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, file-pdf, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Monday, May 14, 2018

Snort.org update, user accounts, and mailing list assistance

To ensure that our users have control over their accounts, we have added a new feature to Snort.org that, for some reason, we never had: if you no longer require your account on Snort.org, you may now delete it.

After you log into your account, you will see a new "Delete Account" button:



This action will delete your account (which contains your email address, last logged-in IP address, and oinkcode). In addition to deleting your account, it will also attempt to unsubscribe you from our four mailing lists.

We've also added the ability to subscribe to and unsubscribe from the mailing lists below the "Login" section of the account page. Check the box next to the mailing list you'd like to subscribe to (or unsubscribe from) and hit the appropriate button (Subscribe on the left or Unsubscribe on the right); this sends an email to the mailing list with your request. You will then be required to verify your request via an email sent to your inbox, so the process is a double confirmation.

That's it!  Snort.org holds no other data on you or your user account, and all records of your account being present will be completely removed.

Thank you so much for supporting Snort.  With over 600,000 active user accounts and about 1000 new accounts created every week, our community continues to grow at a rapid pace.

Thursday, May 10, 2018

Snort Subscriber Rule Set Update for 05/10/2018

Just released:
Snort Subscriber Rule Set Update for 05/10/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 34 new rules, of which 2 are Shared Object rules, and made modifications to 11 additional rules, of which 1 is a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-pdf, malware-cnc, malware-other, netbios, os-linux, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Tuesday, May 8, 2018

Snort Subscriber Rule Set Update for 05/08/2018, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 05/08/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 68 new rules of which 5 are Shared Object rules and made modifications to 15 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0946:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46544 through 46545.

Microsoft Vulnerability CVE-2018-0951:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0953:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0954:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0955:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46554 through 46555.

Microsoft Vulnerability CVE-2018-8120:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46546 through 46547.

Microsoft Vulnerability CVE-2018-8122:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46594 through 46595.

Microsoft Vulnerability CVE-2018-8123:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8124:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46538 through 46539.

Microsoft Vulnerability CVE-2018-8133:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8137:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46606 through 46607.

Microsoft Vulnerability CVE-2018-8147:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46552 through 46553.

Microsoft Vulnerability CVE-2018-8148:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46556 through 46557.

Microsoft Vulnerability CVE-2018-8157:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46558 through 46559.

Microsoft Vulnerability CVE-2018-8158:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46560 through 46561.

Microsoft Vulnerability CVE-2018-8161:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46601 through 46602.

Microsoft Vulnerability CVE-2018-8162:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 38785 through 38786.

Microsoft Vulnerability CVE-2018-8164:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46562 through 46563.

Microsoft Vulnerability CVE-2018-8165:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46596 through 46597.

Microsoft Vulnerability CVE-2018-8166:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46564 through 46565.

Microsoft Vulnerability CVE-2018-8167:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46603 through 46604.

Microsoft Vulnerability CVE-2018-8174:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46548 through 46549.

Talos also has added and modified multiple rules in the browser-ie,
file-flash, file-office, file-other, file-pdf, malware-cnc, os-windows,
server-oracle and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
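Both Microsoft Patch Tuesday posts on this page (05/08/2018 and 06/12/2018) state coverage as "CVE-xxxx ... GID 1, SIDs A through B". The following is an added example, not code from the Snort blog or from Talos: it parses the option block of Snort 2.x text rules and the advisory wording, then reports any advertised GID/SID pair whose rule is missing or lacks the matching CVE reference in a downloaded rule file. The rule bodies are constructed placeholders (only the SID numbers and CVE ids come from the advisory), and parse_rule, parse_advisory and check_coverage are hypothetical helper names.

```python
"""Check that a Snort rule file carries the GID/SID coverage an advisory lists."""
import re
from collections import defaultdict

# One advisory entry: "CVE-... <text> GID 1, SIDs A through B" or "GID 1, SID A".
ADVISORY_RE = re.compile(
    r"(CVE-\d{4}-\d{4,}).*?GID\s+(\d+),\s+SIDs?\s+(\d+)(?:\s+through\s+(\d+))?",
    re.S,
)

# Snort rule option: name[:value];  A quoted value may itself contain ';'.
OPTION_RE = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_rule(line):
    """Return {"gid", "sid", "msg", "cves"} for a single-line Snort rule, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    start, end = line.find("("), line.rfind(")")
    if start < 0 or end < start:
        return None
    rule = {"gid": 1, "sid": None, "msg": "", "cves": set()}  # gid defaults to 1
    for name, value in OPTION_RE.findall(line[start + 1:end]):
        value = value.strip()
        if name == "sid":
            rule["sid"] = int(value)
        elif name == "gid":
            rule["gid"] = int(value)
        elif name == "msg":
            rule["msg"] = value.strip('"')
        elif name == "reference":
            kind, _, ident = value.partition(",")
            if kind.strip().lower() == "cve":
                ident = ident.strip().upper()
                if not ident.startswith("CVE-"):
                    ident = "CVE-" + ident  # reference:cve,2018-8174 -> CVE-2018-8174
                rule["cves"].add(ident)
    return rule if rule["sid"] is not None else None


def parse_advisory(text):
    """Map each CVE in advisory text to the set of (gid, sid) pairs it names."""
    expected = defaultdict(set)
    for cve, gid, lo, hi in ADVISORY_RE.findall(text):
        for sid in range(int(lo), int(hi or lo) + 1):
            expected[cve].add((int(gid), sid))
    return dict(expected)


def check_coverage(rules_text, advisory_text):
    """Return {cve: sorted missing (gid, sid) pairs}; an empty dict means full coverage."""
    present = defaultdict(set)
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule:
            for cve in rule["cves"]:
                present[cve].add((rule["gid"], rule["sid"]))
    missing = {}
    for cve, pairs in parse_advisory(advisory_text).items():
        gap = pairs - present.get(cve, set())
        if gap:
            missing[cve] = sorted(gap)
    return missing


# Advisory wording taken from the page (a wrapped entry and a single-SID entry).
ADVISORY = """
Microsoft Vulnerability CVE-2018-8174:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8225: A coding deficiency exists in Microsoft Windows DNSAPI that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 46935.
"""

# CONSTRUCTED rule bodies: placeholders, not the real Talos rules for these SIDs.
RULES = r'''
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"CONSTRUCTED sample rule A"; flow:to_client,established; content:"placeholder;a"; reference:cve,2018-8174; classtype:attempted-user; sid:46548; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"CONSTRUCTED sample rule B"; flow:to_client,established; content:"placeholder"; reference:cve,2018-8174; classtype:attempted-user; sid:46549; rev:1;)
# sid 46935 is deliberately absent so the check reports a gap
'''

if __name__ == "__main__":
    for cve, gaps in check_coverage(RULES, ADVISORY).items():
        print(cve, "missing", ", ".join(f"{g}:{s}" for g, s in gaps))
```

Run it against the real downloaded rules file and the release notes text; an empty result means every advertised SID is present and carries the CVE reference.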



To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Thursday, May 3, 2018

Snort Subscriber Rule Set Update for 05/03/2018

Just released:
Snort Subscriber Rule Set Update for 05/03/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 55 new rules of which 9 are Shared Object rules and made modifications to 19 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46501
46502


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-multimedia, file-other, file-pdf, malware-cnc, os-windows, policy-other, protocol-imap, pua-adware, server-apache, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 US a year; business pricing is also available at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Tuesday, May 1, 2018

Snort Subscriber Rule Set Update for 05/01/2018

Just released:
Snort Subscriber Rule Set Update for 05/01/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 19 new rules of which 8 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-pdf, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content. This release, build 297, includes
  • A total of 2,842 detectors. 
  • It also includes some additional detectors that came in from the open source community. For more details on which contributions were included, we have added them in the AUTHORS file in this package.

Available now for download from our downloads page, we look forward to you downloading and using the new features of 2.9.11.0's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content.  Please visit the mailing lists page to sign up.

Thursday, April 26, 2018

Snort Subscriber Rule Set Update for 04/26/2018

Just released:
Snort Subscriber Rule Set Update for 04/26/2018


Talos has released its newest rule update. This release introduces 5 new rules, none of which are shared object rules, and modifies 16 additional rules, 15 of which are shared object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Wednesday, April 25, 2018

Requiring at least TLS 1.2 for Snort.org

UPDATE: After some discussion on the mailing lists, and privately, we're going to postpone this until around the 1st of July.


Later this month (currently planned for around April 25th), we will require everyone who connects to Snort.org, whether through the API (oinkcode) or the website, to negotiate TLS version 1.2 or 1.3.

Today we do not enforce this restriction, but as we move more and more things here at Snort / Talos / ClamAV to a more secure environment, we want to make sure everyone connecting is doing so at the strongest encryption level available.

We already enforce HTTPS for every connection to any host on the snort.org domain (including blog.snort.org, starting this week, in case you didn't notice), and all HTTP connections are now redirected to HTTPS. This change hasn't had any negative impact (as far as we can tell), as only 7% of connections to the snort.org domain in the past month were over HTTP.

What we are concerned about are very old Snort installations out there that haven't been updated in some time (we know they exist) and will no longer be able to connect to Snort.org.

We assume the majority of these are blocked already, as they are attempting to download, for example, version "2.4.4" of the ruleset.

However, in an abundance of caution, and to isolate any issues that this may have, I figured I'd write this blog post just in case.
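
What an old rule-download client will see once the floor is in place, as an added example for this page (not code from the Snort project): a loopback TLS server configured with a TLS 1.2 minimum, probed first by a client whose stack tops out at TLS 1.1 and then by one that can do TLS 1.2. The certificate is generated in-process for 127.0.0.1 and is a constructed stand-in for snort.org's; the server and client settings are assumptions made for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Result records what each simulated client got from the TLS 1.2-only server.
type Result struct {
	LegacyErr     error  // handshake error seen by a client capped at TLS 1.1
	ModernVersion uint16 // version negotiated by a TLS 1.2-capable client
}

// selfSignedCert builds a throwaway certificate for 127.0.0.1 so the demo runs
// offline. It is constructed for this example and has nothing to do with snort.org.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "tls-floor-demo"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// serve accepts connections on loopback with the TLS 1.2 floor the post
// describes and drives the handshake, which is where old clients fail.
func serve(cert tls.Certificate) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12, // TLS 1.0/1.1 ClientHellos get a protocol_version alert
	})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func() {
				defer c.Close()
				if tc, ok := c.(*tls.Conn); ok {
					_ = tc.Handshake()
				}
			}()
		}
	}()
	return ln, nil
}

// probe dials like a rule-download client whose TLS library cannot go above
// maxVersion and returns the negotiated version, or the handshake error.
func probe(addr string, maxVersion uint16, roots *x509.CertPool) (uint16, error) {
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr, &tls.Config{
		RootCAs:    roots,
		ServerName: "127.0.0.1",
		MinVersion: tls.VersionTLS10,
		MaxVersion: maxVersion,
	})
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

// Demo runs both clients against the server and returns what each observed.
func Demo() (Result, error) {
	cert, roots, err := selfSignedCert()
	if err != nil {
		return Result{}, err
	}
	ln, err := serve(cert)
	if err != nil {
		return Result{}, err
	}
	defer ln.Close()
	addr := ln.Addr().String()

	var res Result
	_, res.LegacyErr = probe(addr, tls.VersionTLS11, roots)
	res.ModernVersion, err = probe(addr, tls.VersionTLS12, roots)
	return res, err
}

func main() {
	res, err := Demo()
	if err != nil {
		fmt.Println("TLS 1.2 client failed:", err)
		return
	}
	fmt.Println("TLS 1.1 client:", res.LegacyErr)
	fmt.Printf("TLS 1.2 client negotiated 0x%04x\n", res.ModernVersion)
}
```

The equivalent field check against the real host is `openssl s_client -connect snort.org:443 -tls1_1`, which should fail once the change is live while `-tls1_2` succeeds. A Snort box whose OpenSSL predates 1.0.1 cannot speak TLS 1.2 at all, so updating the TLS library (and whatever fetches rules with it) is the fix, not a change to the oinkcode URL.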

Tuesday, April 24, 2018

Snort Subscriber Rule Set Update for 04/24/2018

Just released:
Snort Subscriber Rule Set Update for 04/24/2018


Talos has released its newest rule update. This release introduces 47 new rules, none of which are shared object rules, and modifies 3 additional rules, none of which are shared object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-office, malware-cnc, netbios, os-windows, pua-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Saturday, April 21, 2018

Snort Subscriber Rule Set Update for 04/19/2018

Just released:
Snort Subscriber Rule Set Update for 04/19/2018


Talos has released its newest rule update. This release introduces 53 new rules, 7 of which are shared object rules, and modifies 16 additional rules, 1 of which is a shared object rule.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-executable, file-identify, file-other, indicator-compromise, malware-backdoor, malware-cnc, protocol-other, pua-adware, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Tuesday, April 17, 2018

Snort Subscriber Rule Set Update for 04/17/2018

Just released:
Snort Subscriber Rule Set Update for 04/17/2018


Talos has released its newest rule update. This release introduces 46 new rules, 4 of which are shared object rules, and modifies 4 additional rules, none of which are shared object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-flash, file-office, malware-cnc, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Thursday, April 12, 2018

Snort Subscriber Rule Set Update for 04/12/2018

Just released:
Snort Subscriber Rule Set Update for 04/12/2018


Talos has released its newest rule update. This release introduces 33 new rules, 5 of which are shared object rules, and modifies 1 additional rule, which is not a shared object rule.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-pdf, malware-backdoor, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!

Tuesday, April 10, 2018

Snort Subscriber Rule Set Update for 04/10/2018, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 04/10/2018


Talos has released its newest rule update. This release introduces 103 new rules, 21 of which are shared object rules, and modifies 10 additional rules, 4 of which are shared object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0870:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46243 through 46246.

Microsoft Vulnerability CVE-2018-0920:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46196 through 46197.

Microsoft Vulnerability CVE-2018-0950:
A coding deficiency exists in Microsoft Office that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46266 through 46267.

Microsoft Vulnerability CVE-2018-0980:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0986:
A coding deficiency exists in Microsoft Malware Protection Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46163 through 46164.

Microsoft Vulnerability CVE-2018-0988:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46198 through 46199.

Microsoft Vulnerability CVE-2018-0990:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46194 through 46195.

Microsoft Vulnerability CVE-2018-0991:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46206 through 46207.

Microsoft Vulnerability CVE-2018-0993:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46212 through 46213.

Microsoft Vulnerability CVE-2018-0994:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46220 through 46221.

Microsoft Vulnerability CVE-2018-0995:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46176 through 46177.

Microsoft Vulnerability CVE-2018-0996:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46218 through 46219.

Microsoft Vulnerability CVE-2018-0997:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46220 through 46221.

Microsoft Vulnerability CVE-2018-0998:
Microsoft Edge suffers from programming errors that may lead to a
security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46226 through 46227.

Microsoft Vulnerability CVE-2018-1001:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46228 through 46229.

Microsoft Vulnerability CVE-2018-1003:
A coding deficiency exists in Microsoft JET Database Engine that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46233 through 46234.

Microsoft Vulnerability CVE-2018-1004:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 37283 through 37284.

Microsoft Vulnerability CVE-2018-1010:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46200 through 46201.

Microsoft Vulnerability CVE-2018-1011:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46192 through 46193.

Microsoft Vulnerability CVE-2018-1012:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46230 through 46231.

Microsoft Vulnerability CVE-2018-1013:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46188 through 46189.

Microsoft Vulnerability CVE-2018-1015:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46214 through 46215.

Microsoft Vulnerability CVE-2018-1016:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46186 through 46187.

Microsoft Vulnerability CVE-2018-1018:
A coding deficiency exists in Microsoft Internet Explorer that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46204 through 46205.

Microsoft Vulnerability CVE-2018-1023:
A coding deficiency exists in Microsoft Browser that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 37283 through 37284.

Microsoft Vulnerability CVE-2018-1026:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46184 through 46185.

Microsoft Vulnerability CVE-2018-1027:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46208 through 46209.

Microsoft Vulnerability CVE-2018-1028:
A coding deficiency exists in Microsoft Office Graphics that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46182 through 46183.

Microsoft Vulnerability CVE-2018-1029:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46180 through 46181.

Microsoft Vulnerability CVE-2018-1030:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46178 through 46179.


Talos also has added and modified multiple rules in the browser-ie,
file-flash, file-image, file-office, file-other, file-pdf, malware-cnc,
os-windows, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
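
Once a release like this is applied, the practical question is whether the advisory's SIDs actually reached the sensor and are enabled, and, from the other direction, which local rules reference a given CVE. The Go program below is an added example for this page, not Talos's or the Snort project's code: it pulls the `sid`, `gid` and `reference:cve` options out of rule lines and checks an advisory's "GID 1, SIDs first through last" range against them. The rule lines it runs on are constructed placeholders (the SIDs follow the CVE-2018-0870 and CVE-2018-0920 entries above, the rule bodies are not the real rules), and it only covers GID 1 text rules, not the GID 3 shared object stubs.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// Rule is the subset of a Snort text rule that this check needs.
type Rule struct {
	GID     int
	SID     int
	Enabled bool     // false when the rule line is commented out with '#'
	CVEs    []string // every reference:cve,... option on the line
}

// sampleRules is a constructed stand-in for a rules file. The SIDs follow the
// CVE-2018-0870 and CVE-2018-0920 entries in the advisory, but the rule bodies
// are placeholders, not Talos's rules: 46245 is commented out and 46246 and
// 46197 are absent, to exercise the two failure cases.
const sampleRules = `# browser-ie.rules (constructed sample)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE placeholder"; flow:to_client,established; content:"EXAMPLE"; reference:cve,2018-0870; classtype:attempted-user; sid:46243; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE placeholder"; flow:to_client,established; content:"EXAMPLE"; reference:cve,2018-0870; classtype:attempted-user; sid:46244; rev:1;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"BROWSER-IE placeholder"; flow:to_client,established; content:"EXAMPLE"; reference:cve,2018-0870; classtype:attempted-user; sid:46245; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"FILE-OFFICE placeholder"; flow:to_client,established; content:"EXAMPLE"; reference:cve,2018-0920; classtype:attempted-user; gid:1; sid:46196; rev:1;)
`

var (
	sidRe = regexp.MustCompile(`\bsid:\s*(\d+)\s*;`)
	gidRe = regexp.MustCompile(`\bgid:\s*(\d+)\s*;`)
	cveRe = regexp.MustCompile(`reference:\s*cve,\s*(\d{4}-\d+)\s*;`)
)

// ParseRules indexes every rule line by SID. A line whose first non-blank
// character is '#' but that still carries a sid option is a disabled rule;
// a line with no sid option is an ordinary comment and is skipped. Rules
// without an explicit gid option are GID 1, as in Snort itself.
func ParseRules(text string) map[int]Rule {
	rules := make(map[int]Rule)
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		m := sidRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		sid, _ := strconv.Atoi(m[1])
		r := Rule{GID: 1, SID: sid, Enabled: !strings.HasPrefix(line, "#")}
		if g := gidRe.FindStringSubmatch(line); g != nil {
			r.GID, _ = strconv.Atoi(g[1])
		}
		for _, c := range cveRe.FindAllStringSubmatch(line, -1) {
			r.CVEs = append(r.CVEs, "CVE-"+c[1])
		}
		rules[sid] = r
	}
	return rules
}

// Coverage checks an advisory's "GID 1, SIDs first through last" range against
// the parsed rules and reports which SIDs are absent and which are present but
// commented out. Two empty slices mean the release is fully deployed.
func Coverage(rules map[int]Rule, first, last int) (missing, disabled []int) {
	for sid := first; sid <= last; sid++ {
		r, ok := rules[sid]
		switch {
		case !ok || r.GID != 1:
			missing = append(missing, sid)
		case !r.Enabled:
			disabled = append(disabled, sid)
		}
	}
	return missing, disabled
}

// SIDsForCVE is the reverse lookup: the local rules, enabled or not, whose
// reference options name the given CVE (case-insensitive).
func SIDsForCVE(rules map[int]Rule, cve string) []int {
	var out []int
	for sid, r := range rules {
		for _, c := range r.CVEs {
			if strings.EqualFold(c, cve) {
				out = append(out, sid)
				break
			}
		}
	}
	sort.Ints(out)
	return out
}

func main() {
	rules := ParseRules(sampleRules)
	missing, disabled := Coverage(rules, 46243, 46246)
	fmt.Printf("CVE-2018-0870, SIDs 46243-46246: missing %v, disabled %v\n", missing, disabled)
	fmt.Printf("local rules referencing CVE-2018-0870: %v\n", SIDsForCVE(rules, "CVE-2018-0870"))
}
```

On a real sensor, feed it the concatenated contents of the rules directory instead of `sampleRules` and run `Coverage` once per SID range in the advisory; a SID that turns up as disabled is usually a rule your tuning (or a PulledPork disablesid list) commented out, while a missing one means the update never landed.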


To subscribe to Talos's newest rule detection functionality, personal users can sign up for as low as $29 a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Stay up to date to catch the most emerging threats!