Thursday, June 21, 2018

Snort Subscriber Rule Set Update for 06/21/2018

Just released:
Snort Subscriber Rule Set Update for 06/21/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 25 new rules of which 14 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the indicator-compromise, malware-cnc, os-other, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To get Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the latest emerging threats!

Wednesday, June 20, 2018

Snort Subscriber Rule Set Update for 06/19/2018

Just released:
Snort Subscriber Rule Set Update for 06/19/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 15 new rules of which 0 are Shared Object rules and made modifications to 152 additional rules of which 1 is a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 46922, 47005, 47006


Talos's rule release:
Talos has added and modified multiple rules in the browser-chrome, exploit-kit, file-identify, file-office, file-other, indicator-compromise, malware-backdoor, malware-cnc, malware-other, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 14, 2018

Snort Subscriber Rule Set Update for 06/14/2018

Just released:
Snort Subscriber Rule Set Update for 06/14/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 12 new rules of which 0 are Shared Object rules and made modifications to 1 additional rule, which is not a Shared Object rule.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 46969, 46970

Talos's rule release:
Talos has added and modified multiple rules in the server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, June 12, 2018

Snort Subscriber Rule Set Update for 06/12/2018, Release 2

Just released:
Snort Subscriber Rule Set Update for 06/12/2018, Release 2


We welcome the introduction of the newest rule release from Talos. In this release we introduced 2 new rules of which 0 are Shared Object rules and made modifications to 0 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Vulnerability CVE-2018-8214: A coding deficiency exists in Microsoft Windows Desktop Bridge that may lead to elevation of privilege. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46961 through 46962.



Snort Subscriber Rule Set Update for 06/12/2018, MsTuesday

Just released:
Snort Subscriber Rule Set Update for 06/12/2018, MsTuesday


We welcome the introduction of the newest rule release from Talos. In this release we introduced 44 new rules of which 0 are Shared Object rules and made modifications to 9 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Vulnerability CVE-2018-0978: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46942 through 46943.

Microsoft Vulnerability CVE-2018-1036: A coding deficiency exists in NTFS that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46955 through 46956.

Microsoft Vulnerability CVE-2018-8110: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46927 through 46928.

Microsoft Vulnerability CVE-2018-8111: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46929 through 46930.

Microsoft Vulnerability CVE-2018-8169: A coding deficiency exists in HIDParser that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46957 through 46958.

Microsoft Vulnerability CVE-2018-8208: A coding deficiency exists in Microsoft Windows Desktop Bridge that may lead to elevation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46953 through 46954.

Microsoft Vulnerability CVE-2018-8210: A coding deficiency exists in Microsoft Windows that may lead to remote code execution.

Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46055 through 46056 and 46058 through 46059.

Microsoft Vulnerability CVE-2018-8225: A coding deficiency exists in Microsoft Windows DNSAPI that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 46935.

Microsoft Vulnerability CVE-2018-8229: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46933 through 46934.

Microsoft Vulnerability CVE-2018-8233: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46938 through 46939.

Microsoft Vulnerability CVE-2018-8236: A coding deficiency exists in Microsoft Edge that may lead to remote code execution.

A previously released rule will detect attacks targeting these vulnerabilities and has been updated with the appropriate reference information. It is included in this release and is identified with GID 1, SID 45628.

Microsoft Vulnerability CVE-2018-8248: A coding deficiency exists in Microsoft Excel that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46940 through 46941.

Microsoft Vulnerability CVE-2018-8249: A coding deficiency exists in Microsoft Internet Explorer that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46944 through 46945.

Microsoft Vulnerability CVE-2018-8251: A coding deficiency exists in Microsoft Media Foundation that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46947 through 46948.

Microsoft Vulnerability CVE-2018-8267: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 46951 through 46952.

Talos also has added and modified multiple rules in the browser-ie, file-flash, file-office, file-other, indicator-compromise, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Thursday, June 7, 2018

Snort Subscriber Rule Set Update for 06/07/2018

Just released:
Snort Subscriber Rule Set Update for 06/07/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 37 new rules of which 14 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 46884, 46885, 46895


Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-other, browser-plugins, deleted, file-flash, file-multimedia, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Tuesday, June 5, 2018

Snort Subscriber Rule Set Update for 06/05/2018

Just released:
Snort Subscriber Rule Set Update for 06/05/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 24 new rules of which 9 are Shared Object rules and made modifications to 9 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

PTSecurity: 46847

Yaser Mansour: 46872, 46873


Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-image, file-office, file-pdf, malware-cnc, os-other, policy-other, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.



Friday, June 1, 2018

2018 Snort Scholarship Winners

Snort® has selected David Jercinovic and Jared Nussbaum as the recipients of the 2018 Snort Scholarship. The scholarships, each worth $10,000, are awarded to university students who seek to further their education and gain hands-on experience in network security or related fields.

To qualify, applicants must be enrolled in a university that uses Snort to protect its network or uses Snort as part of the curriculum in the classroom. The scholarships assist the winning students in completing their degrees and covering educational costs. Snort selected David and Jared from a pool of Snort Scholarship applicants.

David graduated from Governors State University in May with his Bachelor of Science in Information Technology, summa cum laude. He will be attending DePaul University College of Computing and Digital Media, pursuing his Master's in Network Engineering and Security.

Jared is a junior at the University of Massachusetts, Amherst, where he is majoring in Computer Science. He is beginning his second summer as an intern for Raytheon IDS as part of their IT team.

To assist the winning students in completing their degrees, Snort has awarded each a $10,000 scholarship for educational costs at the students’ respective universities. 

Sourcefire, now a part of Cisco, developed the Snort Scholarship in 2004 as a way to give back to the open source and security communities. Since the inception of the Snort Scholarship program fourteen years ago, Sourcefire has recognized university students from around the world, including the United States, Australia, Turkey, Mexico, the Netherlands and Rwanda. 

Snort is the world’s most widely deployed intrusion detection and prevention technology with more than 400,000 registered users and over 5 million downloads to date.

Congratulations to our winners!