Snort rule update for March 28, 2019

Just released:
Snort Subscriber Rule Set Update for March 28, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 29 new rules, 15 of which are shared object rules. There are also 1,396 modified rules.

The bulk of these modified rules simply add references for the MITRE ATT&ACK framework. The MITRE ATT&CK Framework is described in this wiki, which provides a thorough overview of all known attack techniques that currently or have been employed by adversaries in the wild. Each documented technique is accompanied by explanations, examples, detection recommendations, and the related actor(s) that have employed the technique. Talos has added these additional references in the SIDs to provide attack context information for our customers, and to support integration with other systems or reporting requirements.

This release provides coverage for several vulnerabilities Cisco disclosed this week in IOS XE. These bugs could allow an attacker to gain access to sensitive configuration information on many of Cisco's small and home office (SOHO) routers.

Snort rule update for March 26, 2019

Just released:
Snort Subscriber Rule Set Update for March 26, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 52 new rules and four modified rules, none of which are shared object rules.

In this release, we provide coverage for two serious WordPress vulnerabilities that the company patched last week. Both bugs exist in plugins for the content management system and could allow an attacker to execute extensions over top of websites. There's also protection from the IceID banking trojan and the Yatron ransomware.

Snort rule update for March 21, 2019

Just released:
Snort Subscriber Rule Set Update for March 21, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 20 new rules, three new shared object rules and one modified rule.

In this release, we have coverage for a new variant of the Mirai botnet. Recently, researchers discovered a new wave of attacks targeting presentation software and devices. There is also protection against several critical vulnerabilities Cisco recently patched in some of its IP phones.

Snort rule update for March 19, 2019

Just released:
Snort Subscriber Rule Set Update for March 19, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 50 new rules and six modified rules, none of which are shared object rules.

This release provides coverage for a wide range of vulnerabilities and malware. Most notably, there are new protections from the Rising Sun malware, which was recently linked to the Lazarus Group APT.

Snort rule update for March 12, 2019 — Microsoft Patch Tuesday

Just released:

Snort Subscriber Rule Set Update for Feb. 12, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 38 new rules and four shared object rules. There are also 16 modified rules, none of which are shared object rules.

This release covers Microsoft Patch Tuesday, which included fixes for 64 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.

Snort rule update for March 7, 2019

Just released:
Snort Subscriber Rule Set Update for March 7, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes three new rules, 15 new shared object rules and seven modified rules, none of which are shared object rules.

In this release, we provide coverage for several vulnerabilities in Cisco products. Most recently, the company published the details of several high-profile bugs that put the Nexus line of switches at risk due to the NX-OS operating system.

Snort rule update for March 5, 2019

Just released:
Snort Subscriber Rule Set Update for March 5, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes eight new and modified rules, none of which are shared object rules.

This release provides coverage for two malware families: Crytekk, a ransomware that infects users via a malicious, phony PayPal page, and Arescrypt, another ransomware.