Tuesday, April 30, 2019

Snort rule update for April 30, 2019

Just released:
Snort Subscriber Rule Set Update for April 30, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 34 new rules, four of which are shared object rules. There are also seven modified rules, one of which is a shared object rules.

This release provides protection from attackers exploiting a zero-day vulnerability in Oracle WebLogic servers. Attackers are exploiting this bug to deliver a new ransomware called "Sodinokibi."

There were no changes made to the snort.conf in this release.

Tuesday, April 23, 2019

Snort rule update for April 23, 2019

Just released:
Snort Subscriber Rule Set Update for April 23, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 11 new rules, four of which are shared object rules. There are also 15 modified rules, none of which are shared object rules.

This release provides new coverage for the infamous Emotet malware traditionally spread via spam. There are also two new rules for Microsoft Windows IOleCvt vulnerability disclosed earlier this month as part of Microsoft's monthly security update.

There were no changes made to the snort.conf in this release.

Thursday, April 18, 2019

Snort rule update for April 18, 2019

Just released:
Snort Subscriber Rule Set Update for April 18, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 22 new rules, 11 of which are shared object rules. There are also nine modified rules, none of which are shared object rules.

This release provides coverage for a critical flaw in Cisco's ASR 9000 series of routers. In all, the company disclosed 29 vulnerabilities, but the most serious one had a severity rating of 9.8 out of a possible 10.

Wednesday, April 17, 2019

Snort blog comments are now disabled

As the topic of the post says, blog comments on this blog are now disabled.

Why?

99% (percentage is entirely made up, but most likely more accurate than non-accurate) of all the comments were spam.  The majority of my time moderating the comments on the blog was spent mashing the "Spam" button.

Every once in awhile a real comment would appear on the blog, and 99% of those comments were answered by me answering with "Go to the mailing lists".

So, in the interest of my sanity, and the fact that the mailing lists provide a better answer and conversational interaction than a blog comment ever could, I've disabled blog comments.

Please direct your questions to the Snort mailing lists: https://www.snort.org/community

Thanks all!

Tuesday, April 16, 2019

Snort rule update for April 16, 2019

Just released:
Snort Subscriber Rule Set Update for April 16, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 39 new rules, 12 of which are shared object rules. There are also three modified rules, none of which are shared object rules.

This release provides coverage for a zero-day vulnerability in Microsoft Internet Explorer. This bug could allow an attacker to steal files from a user's machine, even if they are not actively using the web browser.

Monday, April 15, 2019

Applications for 2019 Snort scholarship are now open


Are you a high school student planning on acquiring a college technology degree? Let Snort help you get there.

The Snort Scholarship program is back this year, and once again, we are awarding two $10,000 to two individuals attending an accredited college or university in the 2019-2020 academic year.

You can apply for the scholarship here.

To be eligible for the scholarship, you must:

  • Have or be eligible to receive your high school diploma or an equivalent in 2019 as of the date Cisco receives your application.
  • Provide reasonable evidence to Cisco that you are seeking a degree in computer science, information technology, computer networking, cybersecurity or a similarly related field of study from a school located in the U.S. or a U.S. territory. 

To apply for the scholarship, you must answer a series of short essay questions, which will be our main basis for how we select the winners. You must submit your application by May 15, 2019.

For more information about contest rules, eligibility requirements, or to complete a submission, visit our Snort Scholarship page.

Thursday, April 11, 2019

Snort rule update for April 11, 2019

Just released:
Snort Subscriber Rule Set Update for April 11, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 33 new rules, two of which are shared object rules. There are also seven modified rules.

In addition to our new rules today, we also have a new version of Snort: 2.9.13.0. Here's a roundup of the new improvements and features.

Snort 2.9.13.0 has been released

Please join us as we welcome SNORTⓇ 2.9.13.0 to the family.

The release notes for the newest version are below:

New Additions
  • Snort now supports reload on snort rules update.
  • Addition of a scenario to add a packet to blacklist verdict to ensure the new session will be allowed.
  • Handled a new pre-processor alert in case of the improper end of t HTTP header.
Improvements
  • Modified the calculation of file hash for FTP/HTTP with offset values.
  • Fixed portal authentication connection stuck in half closed state.
  • Updated UDP global timeout for a non-standard port.
This release also patched the following two vulnerabilities:

As always, we welcome feedback and community participation in Snort on the snort-users mailing list.


Tuesday, April 9, 2019

Snort rule update for April 9, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for April 9, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 80 new rules, eight of which are shared object rules. There are also 10 modified rules.

This release covers Microsoft Patch Tuesday, which included fixes for 74 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.

Friday, April 5, 2019

Update to Snort OpenAppID detectors

We recently released an update to the Snort OpenAppID Detector content.

This release, build 319, includes a total of 2,836 detectors, as well as some additional detectors that came in from the open-source community. For more details on which contributions we included, we have added them to the "Authors" file in this package.f

The update is available for download now from our downloads page. We look forward to you downloading and using the new features of 2.9.12.0's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content.  Please visit the mailing lists page to sign up.

Thursday, April 4, 2019

Snort rule update for April 4, 2019

Just released:
Snort Subscriber Rule Set Update for April 4, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 23 new rules and five modified rules, none of which are shared object rules.

This release provides new coverage for the Rietspoof malware discovered earlier this year. The trojan has been spread via instant messages on the Skype video chat platform.

Tuesday, April 2, 2019

Snort rule update for April 2, 2019

Just released:
Snort Subscriber Rule Set Update for April 2, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 33 new rules, three of which are shared object rules. There are also three modified rules and four modified shared object rules.

This release provides coverage for a bug in Huawei's PCManager software that could allow an attacker to bypass security protections in the Windows kernel. There's also a new rule to protect the RV series of Cisco routers, which have been under attack for several months.