Thursday, September 27, 2018

Snort rule update for Sept. 27, 2018

Just released:
Snort Subscriber Rule Set Update for Sept. 27, 2018

Today, Cisco Talos released the newest rule update for SNORTⓇ. In this release, we introduced 27 new rules, of which six are shared object rules. There are no modified rules in this update.

This release provides coverage for multiple important vulnerabilities in Cisco IOS XE, as well as a new malware variant from the OilRig APT that has been spotted targeting governments in the Middle East. Our rules block any outbound connections that the malware tries to make.


There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-plugins, file-image, file-other, malware-cnc, policy-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In case you missed it, Talos has already released more information on the VPNFilter malware family. Our researchers discovered seven new third-stage modules, meaning the malware is even more powerful than we originally thought. There is a previous Snort rule (47684) that can help protect your router from this attack.



To get Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure to see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure to stay up to date to catch the newest emerging threats.