Thursday, March 29, 2018

Snort Subscriber Rule Set Update for 03/29/2018

Just released:
Snort Subscriber Rule Set Update for 03/29/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 34 new rules of which 18 are Shared Object rules and made modifications to 15 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
46066
46067
46068
46069
46070


Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-office, file-other, malware-cnc, policy-other, protocol-other, protocol-snmp, protocol-voip, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the most emerging threats!

Friday, March 23, 2018

Snort Subscriber Rule Set Update for 03/23/2018

Just released:
Snort Subscriber Rule Set Update for 03/23/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 8 new rules of which 0 are Shared Object rules and made modifications to 0 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the server-webapp rule set to provide coverage for emerging threats from these technologies.


Thursday, March 22, 2018

Snort Subscriber Rule Set Update for 03/22/2018

Just released:
Snort Subscriber Rule Set Update for 03/22/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 8 new rules of which 0 are Shared Object rules and made modifications to 2 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, March 20, 2018

Snort Subscriber Rule Set Update for 03/20/2018

Just released:
Snort Subscriber Rule Set Update for 03/20/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 34 new rules of which 16 are Shared Object rules and made modifications to 18 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
45960
45961
45962
45963
45964
45965
45966
45967
45968
45983


Talos's rule release:
Talos has added and modified multiple rules in the app-detect, exploit-kit, file-image, file-other, file-pdf, malware-backdoor, malware-cnc, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Monday, March 19, 2018

Snort Subscriber Rule Set Update for 03/15/2018

Just released:
Snort Subscriber Rule Set Update for 03/15/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules of which 0 are Shared Object rules and made modifications to 22 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-plugins, deleted, malware-cnc, os-windows, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Friday, March 16, 2018

Snort++ Update

Pushed build 244 to github (snortadmin/snort3):
  • appid: unit-tests for http detector plugins
  • build: address compiler warnings, spell check and static analyzer issues
  • build: extirpate autotools usage
  • build: fix compilation issue on FreeBSD with extra
  • byte_jump: updated byte_jump post_offset option to support variable
  • cmake: update CMake config to use GNUInstallDirs and match automake
  • daq: hext DAQ can generate start of flow and end of flow meta events
  • doc: add documentation for ftp telnet
  • doc: fix including config_changes.txt when ruby is not present
  • doc: update ftp time format link
  • doc: updates for HTTP/2
  • http_inspect: handle white space before chunk length
  • inspectors: probes run regardless of active policy
  • logger: update Hext Logger to subscribe and log DAQ Meta Packets
  • main: reload hosts while reloading config
  • memory: override C++14 delete operators as well
  • packet tracer: added ability to direct logging to file
  • perf_monitor: fixed flow_ip outputting erroneous values
  • perf_monitor: query modules for stats only after they have all loaded
  • snort: --rule-to-text [<delim>] raw string output
  • snort: allow colon separated directories for --daq-dir
  • snort: wrap SO_PUBLIC APIs (classes, functions exported public from snort) in the 'snort' namespace
Note that autotools support has been removed, so you must use cmake to build. If you have been using autotools, there is a configure_cmake.sh script available that functions similarly to configure.

Wednesday, March 14, 2018

Snort Subscriber Rule Set Update for 03/13/2018, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 03/13/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 72 new rules of which 3 are Shared Object rules and made modifications to 20 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0817:
A coding deficiency exists in Microsoft Windows GDI that may lead to
elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45881 through 45882.

Microsoft Vulnerability CVE-2018-0872:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 42749 through 42750.

Microsoft Vulnerability CVE-2018-0874:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45875 through 45876.

Microsoft Vulnerability CVE-2018-0877:
A coding deficiency exists in Microsoft Windows Desktop Bridge VFS that
may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45873 through 45874.

Microsoft Vulnerability CVE-2018-0880:
A coding deficiency exists in Microsoft Windows Desktop Bridge that may
lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45902 through 45903.

Microsoft Vulnerability CVE-2018-0882:
A coding deficiency exists in Microsoft Windows Desktop Bridge that may
lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45900 through 45901.

Microsoft Vulnerability CVE-2018-0883:
A coding deficiency exists in Microsoft Shell that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45892 through 45895.

Microsoft Vulnerability CVE-2018-0889:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45887 through 45888.

Microsoft Vulnerability CVE-2018-0893:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45898 through 45899.

Microsoft Vulnerability CVE-2018-0903:
A coding deficiency exists in Microsoft Access that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45883 through 45884.

Microsoft Vulnerability CVE-2018-0922:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45879 through 45880.

Microsoft Vulnerability CVE-2018-0930:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45889 through 45890.

Microsoft Vulnerability CVE-2018-0933:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45378 through 45379 and 45628 through 45629.

Microsoft Vulnerability CVE-2018-0934:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0935:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45877 through 45878.

Talos also has added and modified multiple rules in the browser-ie,
deleted, exploit-kit, file-executable, file-office, file-other,
indicator-compromise, malware-backdoor, malware-cnc, os-windows,
protocol-dns, protocol-scada and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
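As an added example (not part of the Talos announcement), the following Python parses the CVE and SID coverage statements above into a CVE-to-SID map and then checks a local rules file for covering SIDs that are absent or commented out, so a defender can confirm the Patch Tuesday coverage actually reached the sensor. The announcement excerpt and rule lines are constructed for the demonstration, and the regexes assume the exact "GID 1, SIDs N through M" phrasing used in these announcements.

```python
import re

# Constructed excerpt in the format of the Talos MsTuesday announcement (two of the CVEs above).
ANNOUNCEMENT = """\
Microsoft Vulnerability CVE-2018-0817:
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 45881 through 45882.

Microsoft Vulnerability CVE-2018-0933:
Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45378 through 45379 and 45628 through 45629.
"""

# Constructed rules file excerpt: sid 45882 is commented out; sids 45379 and 45629 are absent.
RULES = """\
alert tcp any any -> any any (msg:"constructed"; sid:45881; rev:1;)
# alert tcp any any -> any any (msg:"constructed"; sid:45882; rev:1;)
alert tcp any any -> any any (msg:"constructed"; sid:45378; rev:2;)
alert tcp any any -> any any (msg:"constructed"; sid:45628; rev:2;)
"""

CVE_RE = re.compile(r"Microsoft Vulnerability (CVE-\d{4}-\d{4,}):")
RANGE_RE = re.compile(r"(\d+) through (\d+)")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")

def parse_coverage(text):
    """Map each CVE in the announcement to the set of GID 1 SIDs that cover it."""
    coverage = {}
    parts = CVE_RE.split(text)  # [preamble, cve, block, cve, block, ...]
    for cve, block in zip(parts[1::2], parts[2::2]):
        flat = " ".join(block.split())  # undo the hard line wrapping of the announcement
        m = re.search(r"GID 1, SIDs (.+?)\.", flat)
        ranges = RANGE_RE.findall(m.group(1)) if m else []
        coverage[cve] = {s for lo, hi in ranges for s in range(int(lo), int(hi) + 1)}  # "through" is inclusive
    return coverage

def load_rule_states(rules_text):
    """{sid: enabled} for each rule line; a leading '#' means the rule is disabled."""
    lines = [l.strip() for l in rules_text.splitlines()]
    return {int(m.group(1)): not l.startswith("#")
            for l in lines for m in [SID_RE.search(l)] if m}

def coverage_gaps(coverage, states):
    """Per CVE: covering SIDs absent from the ruleset, and SIDs present but commented out."""
    return {cve: {"missing": sorted(s for s in sids if s not in states),
                  "disabled": sorted(s for s in sids if states.get(s) is False)}
            for cve, sids in coverage.items()}
```

Running coverage_gaps over a real snort.rules file will flag the SIDs from this announcement that the sensor is not actually enforcing.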



Thursday, March 8, 2018

Snort Subscriber Rule Set Update for 03/08/2018

Just released:
Snort Subscriber Rule Set Update for 03/08/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules of which 1 are Shared Object rules and made modifications to 3 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-other, file-pdf, os-windows, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, March 6, 2018

Snort Subscriber Rule Set Update for 03/06/2018

Just released:
Snort Subscriber Rule Set Update for 03/06/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 33 new rules of which 5 are Shared Object rules and made modifications to 12 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-other, file-other, file-pdf, malware-cnc, malware-other, malware-tools, policy-other, protocol-ftp, pua-other, server-iis, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Monday, March 5, 2018

Shared Object Rule OS build change is coming

Similar to my recent post, we will also be removing OpenSUSE 11/12 and Debian 6 from active support for Shared Object rules.

We have replaced those systems with support for:

OpenSUSE LEAP 15.0 x86-64
OpenSUSE LEAP 42.3 x86_64
Debian 7/8/9 for both 32bit and x64

Please provide us feedback here, or on the Snort-Sigs mailing list! Thank you!

Talos Snort configuration files have been updated

I just posted the updated Talos Snort configuration files to the Documentation page on Snort.org.

Keep in mind that the snort.conf file that ships with the Snort tarball is only up to date when that tarball ships. To make sure you stay on the latest recommended configuration, it is recommended that the snort.conf also be kept current.

Talos keeps the tedious nature of updating the snort.conf in mind, and we try to minimize the number of changes made.

Snort 3.0.0-a4 installation guide on OpenSUSE 42.3 has been posted

Thanks to our community member Boris Gomez, I've uploaded his recent copy of an installation guide for Snort 3 on OpenSUSE 42.3 to the Snort Documentation page.

We'll be sending some swag out to Boris very soon.

If you'd like to contribute to the Snort Documentation page, we'd love to hear from you!

Thursday, March 1, 2018

Snort Subscriber Rule Set Update for 03/01/2018

Just released:
Snort Subscriber Rule Set Update for 03/01/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 42 new rules of which 1 are Shared Object rules and made modifications to 5 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-other, file-pdf, indicator-obfuscation, os-windows, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Shared Object Rule OS build change is coming

In an upcoming release (we are targeting March 8th), we will be removing Ubuntu 10 and Ubuntu 12 from our Shared Object (SO) precompiled rule build system.

We have already added SO builds for Ubuntu 14, 16, and 17, in both 32bit and x64 to replace the older EOL'ed versions of Ubuntu.

Please provide us feedback here, or on the Snort-Sigs mailing list! Thank you!