Wednesday, December 19, 2018

Snort rule update for Dec. 19, 2018

Just released:
Snort Subscriber Rule Set Update for Dec. 19, 2018

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 54 new rules, three of which are shared object rules. There are 10 modified rules in this release, none of which are shared object rules.

This release covers an out-of-band vulnerability that Microsoft disclosed Wednesday in Internet Explorer. An attacker could exploit this bug to execute code under the context of the logged-in user. Microsoft saw the vulnerability being used in targeted attacks.

For more information on this bug, check out our full post on the Talos blog here.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, file-other, file-pdf, indicator-compromise and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.