Thursday, October 4, 2018

Snort rule blog post for Oct. 4, 2018

Just released:
Snort Subscriber Rule Set Update for Oct. 4, 2018

Cisco Talos just released the newest SNORTⓇ rule set. In this release, we introduced 46 new rules, three of which are shared object rules. There are also 22 modified rules.

This release covers additional Adobe Acrobat and Reader vulnerabilities that were disclosed on Oct. 1. The Snort rule release from earlier this week also addressed some of these bugs. Talos specifically discovered CVE-2018-12852, a remote code execution flaw in Acrobat that could allow an attacker to manipulate the victim machine's memory and execute code.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the deleted, file-image, file-multimedia, file-other, file-pdf, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 U.S. a year for personal users. Be sure and see our business pricing as well at Make sure and stay up to date to catch the most emerging threats.