Thursday, May 31, 2018

Snort Subscriber Rule Set Update for 05/31/2018

Just released:
Snort Subscriber Rule Set Update for 05/31/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 20 new rules of which 6 are Shared Object rules and made modifications to 2 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-other, exploit-kit, file-office, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux, os-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Wednesday, May 30, 2018

Snort Subscriber Rule Set Update for 05/29/2018

Just released:
Snort Subscriber Rule Set Update for 05/29/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules of which 0 are Shared Object rules and made modifications to 2 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-other, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Snort 3 installation guide for Ubuntu 14, 16, & 17 has been posted!

Along with the other guides I just posted, I've also updated Noah Dietrich's guide for installing Snort 3 on Ubuntu 14, 16, & 17.

Snort 3 (and all Snort) setup guides can be found on our documentation page.

Thank you Noah!

Snort 3 installation guides for CentOS 7 and FreeBSD 11 have been published!

Thanks to one of our wonderful community members, Yaser Mansour, I've uploaded two new Snort 3 guides for CentOS 7 and FreeBSD 11.

Snort 3 (and all Snort) setup guides can be found on our documentation page.

Thank you Yaser!

Thursday, May 24, 2018

Snort Subscriber Rule Set Update for 05/24/2018

Just released:
Snort Subscriber Rule Set Update for 05/24/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 30 new rules of which 0 are Shared Object rules and made modifications to 79 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
46665
46666
46747
46748
46817
46818
46819
46802
46803
46804
46805
46806

46378
46487
46488
46612
46611
46742
46763
46744
46421
46423
46416
46433
46434
46435
46436
46437
46438
46339


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, netbios, os-linux, os-windows, protocol-other, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Snort Subscriber Rule Set Update for 05/22/2018, VPNFilter

Just released:
Snort Subscriber Rule Set Update for 05/22/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 31 new rules of which 7 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

This release also provides coverage for the VPNFilter threat.



Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-ie, deleted, file-office, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Snort++ Github Changes

The Snort++ project has moved to an organization account on github.  Please update your remote to pull directly from the new repo:

    https://github.com/snort3/snort3.git

Note that the old remote will be forwarded to the new repo automatically until you switch over.

In addition, there are now two new repos:

    https://github.com/snort3/snort3_demo.git
    https://github.com/snort3/snort3_extra.git

The demo repo provides a BATS test suite to validate and demonstrate various use cases.  It currently has over 50 tests and will continue to grow.  It is also a great way to report bugs with everything required for reproduction.  If you have other uses cases to contribute, please open a pull request.

The extra repo has the code that was in snort3/extra/.  It was split into a separate repo to make it easier to manage and completely optional.  This is a great place to add plugins you would like to contribute to the community.

Questions or suggestions about these repos should go to snort-devel@lists.snort.org.
 


Thursday, May 17, 2018

Snort Subscriber Rule Set Update for 05/17/2018

Just released:
Snort Subscriber Rule Set Update for 05/17/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules of which 6 are Shared Object rules and made modifications to 18 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-pdf, malware-backdoor, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 15, 2018

Snort Subscriber Rule Set Update for 05/15/2018

Just released:
Snort Subscriber Rule Set Update for 05/15/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 97 new rules of which 1 are Shared Object rules and made modifications to 12 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, file-pdf, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Monday, May 14, 2018

Snort.org update, user accounts, and mailing list assistance

To ensure that our users have control over their accounts, we have added a new feature to Snort.org (for some reason, we never had)... if you no longer require your account on Snort.org, you may now delete it.

After you log into your account, you will see a new "Delete Account" button:



This action will delete your account (which contains your email address, last logged in IP, and oinkcode).  In addition to deleting your account, it will also attempt to unsubscribe you from our four mailing lists.

We've also added the ability to subscribe and unsubscribe from the mailing lists below the "Login" section of the account.  Placing a checkbox in the mailing list you'd like to subscribe (or unsubscribe) to, and hitting the appropriate button (Subscribe on the left or Unsubscribe on the right) will send an email to the mailing list with your request. In turn, you will be required to verify your request via an email that will be sent to your inbox.  This is a double confirmation.

That's it!  Snort.org holds no other data on you or your user account, and all records of your account being present will be completely removed.

Thank you so much for supporting Snort.  With over 600,000 active user accounts and about 1000 new accounts created every week, our community continues to grow at a rapid pace.

Thursday, May 10, 2018

Snort Subscriber Rule Set Update for 05/10/2018

Just released:
Snort Subscriber Rule Set Update for 05/10/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 34 new rules of which 2 are Shared Object rules and made modifications to 11 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-pdf, malware-cnc, malware-other, netbios, os-linux, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 8, 2018

Snort Subscriber Rule Set Update for 05/08/2018, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 05/08/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 68 new rules of which 5 are Shared Object rules and made modifications to 15 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0946:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46544 through 46545.

Microsoft Vulnerability CVE-2018-0951:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0953:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0954:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-0955:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46554 through 46555.

Microsoft Vulnerability CVE-2018-8120:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46546 through 46547.

Microsoft Vulnerability CVE-2018-8122:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46594 through 46595.

Microsoft Vulnerability CVE-2018-8123:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8124:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46538 through 46539.

Microsoft Vulnerability CVE-2018-8133:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8137:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46606 through 46607.

Microsoft Vulnerability CVE-2018-8147:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46552 through 46553.

Microsoft Vulnerability CVE-2018-8148:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46556 through 46557.

Microsoft Vulnerability CVE-2018-8157:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46558 through 46559.

Microsoft Vulnerability CVE-2018-8158:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46560 through 46561.

Microsoft Vulnerability CVE-2018-8161:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46601 through 46602.

Microsoft Vulnerability CVE-2018-8162:
A coding deficiency exists in Microsoft Excel that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 38785 through 38786.

Microsoft Vulnerability CVE-2018-8164:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46562 through 46563.

Microsoft Vulnerability CVE-2018-8165:
A coding deficiency exists in DirectX Graphics Kernel that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46596 through 46597.

Microsoft Vulnerability CVE-2018-8166:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46564 through 46565.

Microsoft Vulnerability CVE-2018-8167:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46603 through 46604.

Microsoft Vulnerability CVE-2018-8174:
A coding deficiency exists in Microsoft Windows VBScript Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46548 through 46549.

Talos also has added and modified multiple rules in the browser-ie,
file-flash, file-office, file-other, file-pdf, malware-cnc, os-windows,
server-oracle and server-webapp rule sets to provide coverage for
emerging threats from these technologies.



In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, May 3, 2018

Snort Subscriber Rule Set Update for 05/03/2018

Just released:
Snort Subscriber Rule Set Update for 05/03/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 55 new rules of which 9 are Shared Object rules and made modifications to 19 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
46501
46502


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-multimedia, file-other, file-pdf, malware-cnc, os-windows, policy-other, protocol-imap, pua-adware, server-apache, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, May 1, 2018

Snort Subscriber Rule Set Update for 05/01/2018

Just released:
Snort Subscriber Rule Set Update for 05/01/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 19 new rules of which 8 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-pdf, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content. This release, build 297, includes
  • A total of 2,842 detectors. 
  • It also includes some additional detectors that came in from the open source community. For more details on which contributions were included, we have added them in the AUTHORS file in this package.

Available now for download from our downloads page, we look forward to you downloading and using the new features of 2.9.11.0's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content.  Please visit the mailing lists page to sign up.