Tuesday, July 31, 2018

Snort Subscriber Rule Set Update for 07/31/2018

Just released:
Snort Subscriber Rule Set Update for 07/31/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 46 new rules of which 12 are Shared Object rules and made modifications to 12 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
47386
47387
47388
47389
47390
47414
47415



Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, July 26, 2018

Snort Subscriber Rule Set Update for 07/26/2018

Just released:
Snort Subscriber Rule Set Update for 07/26/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules of which 5 are Shared Object rules and made modifications to 8 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Volexity
47320


Talos's rule release:
Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, July 24, 2018

Snort Subscriber Rule Set Update for 07/24/2018

Just released:
Snort Subscriber Rule Set Update for 07/24/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 45 new rules of which 4 are Shared Object rules and made modifications to 10 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
47338


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-executable, file-image, file-office, file-other, file-pdf, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Friday, July 20, 2018

Snort Subscriber Rule Set Update for 07/19/2018

Just released:
Snort Subscriber Rule Set Update for 07/19/2018

We welcome the introduction of the newest rule release from Talos. In this release we introduced 59 new rules of which 6 are Shared Object rules and made modifications to 3 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-image, file-other, file-pdf, malware-cnc, malware-other, os-other, policy-other and server-other rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, July 17, 2018

Snort Subscriber Rule Set Update for 07/17/2018

Just released:
Snort Subscriber Rule Set Update for 07/17/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 65 new rules of which 1 are Shared Object rules and made modifications to 13 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, July 12, 2018

Snort Subscriber Rule Set Update for 07/12/2018

Just released:
Snort Subscriber Rule Set Update for 07/12/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules of which 1 are Shared Object rules and made modifications to 16 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-image, file-other, file-pdf, indicator-obfuscation, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, July 10, 2018

Snort Subscriber Rule Set Update for 07/10/2018, Microsoft Tuesday

Just released:
Snort Subscriber Rule Set Update for 07/10/2018, Microsoft


We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules of which 1 are Shared Object rules and made modifications to 13 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
47093
47094
47095


Talos's rule release:
Details:
Microsoft Vulnerability CVE-2018-0949:
Microsoft Internet Explorer suffers from programming errors that may
lead to a security feature bypass.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47091 through 47092.

Microsoft Vulnerability CVE-2018-8125:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47117 through 47118.

Microsoft Vulnerability CVE-2018-8242:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2018-8262:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47113 through 47114.

Microsoft Vulnerability CVE-2018-8274:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47107 through 47108.

Microsoft Vulnerability CVE-2018-8275:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47100 through 47101.

Microsoft Vulnerability CVE-2018-8278:
A coding deficiency exists in Microsoft Edge that may lead to spoofing.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47119 through 47120.

Microsoft Vulnerability CVE-2018-8279:
A coding deficiency exists in Microsoft Edge that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47098 through 47099.

Microsoft Vulnerability CVE-2018-8282:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47096 through 47097.

Microsoft Vulnerability CVE-2018-8283:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47121 through 47122.

Microsoft Vulnerability CVE-2018-8288:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8289:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47111 through 47112.

Microsoft Vulnerability CVE-2018-8291:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47109 through 47110.

Microsoft Vulnerability CVE-2018-8296:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45628 through 45629.

Microsoft Vulnerability CVE-2018-8297:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 45121 through 45122.

Microsoft Vulnerability CVE-2018-8298:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47102 through 47103.

Microsoft Vulnerability CVE-2018-8324:
Microsoft Edge suffers from programming errors that may lead to
information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47141 through 47142.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, July 5, 2018

Snort 3 Installation Documentation Updates for Ubuntu 14, 16 and 18 posted.



Noah Dietrich, one of the members in the community has submitted this document for hosting on Snort.org. We would like to thank Mr. Dietrich for his efforts and dedication into writing this piece of documentation. If you have any questions in regards to the documentation, please submit it via the author (Mr. Dietrich) or on the Snort.org Users mailing list

As always, our documentation can be found https://www.snort.org/documents

The link directly to the updated doc provided by Mr Dietrich, can be found here.


Thank you again to Mr Dietrich and the community for help making this product / documentation great.




Snort Subscriber Rule Set Update for 07/05/2018

Just released:
Snort Subscriber Rule Set Update for 07/05/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 6 new rules of which 0 are Shared Object rules and made modifications to 11 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-executable, file-identify, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, July 3, 2018

Snort Subscriber Rule Set Update for 07/03/2018

Just released:
Snort Subscriber Rule Set Update for 07/03/2018


We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules of which 2 are Shared Object rules and made modifications to 4 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-office, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!