Thursday, May 23, 2019

Snort rule update for May 23, 2019

Just released:
Snort Subscriber Rule Set Update for May 23, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 29 new and 27 modified rules, none of which are shared object rules.

This release provides coverage for JasperLoader, a malware loader we've reported on several times. Most recently, we discovered JasperLoader being used in targeted attacks against users in Italy.

There were no changes made to the snort.conf in this release.

Tuesday, May 21, 2019

Snort rule update for May 20, 2019

Just released:
Snort Subscriber Rule Set Update for May 20, 2019

Last night, Cisco Talos released the latest SNORT® rule set. This release includes 18 new rules, three of which are shared object rules. There are also eight modified rules.

This release includes coverage for indicators associated with CVE-2019-0708, a remote code execution vulnerability in Microsoft Remote Desktop Services — formerly known as Terminal Services. This is a highly publicized vulnerability from Microsoft, which the company disclosed last week as part of its monthly security update. The vulnerability is wormable, meaning future malware that exploits this bug could spread from system to system.

There were no changes made to the snort.conf in this release.

Thursday, May 16, 2019

Snort rule update for May 16, 2019

Just released:
Snort Subscriber Rule Set Update for May 16, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes seven new rules and seven modified rules; three of the new rules and three of the modified rules are shared object rules.

This release mainly provides coverage for the vulnerabilities Cisco disclosed last week in several of its products, including Prime Infrastructure and WebEx.

There were no changes made to the snort.conf in this release.

Wednesday, May 15, 2019

Entries for the Snort scholarship are now closed

Thanks to everyone who applied to our 2019 SNORT® scholarship this year. Entries are now closed.

Please keep an eye on the blog here or on our Twitter account in the coming weeks, where we'll announce the winners!

Tuesday, May 14, 2019

Snort rule update for May 14, 2019 — Microsoft Patch Tuesday

Just released:
Snort Subscriber Rule Set Update for May 14, 2019

The newest SNORT® rule set is here from Cisco Talos. In this release, we introduced 53 new rules, five of which are shared object rules. There are also two modified rules.

This release covers Microsoft Patch Tuesday, which included fixes for 79 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.

Thursday, May 9, 2019

Snort rule update for May 9, 2019

Just released:
Snort Subscriber Rule Set Update for May 9, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 24 new rules, none of which are shared object rules. There are no modified rules in this release.

This release provides new coverage for a slew of malware families, including FormBook, Pirpi and the recently discovered BuckEye.

There were no changes made to the snort.conf in this release.

Tuesday, May 7, 2019

Snort rule update for May 7, 2019

Just released:
Snort Subscriber Rule Set Update for May 7, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 27 new rules, six of which are shared object rules. There are also seven modified rules, four of which are shared object rules.

This release provides additional coverage for vulnerabilities in Oracle WebLogic. Multiple researchers have discovered attackers exploiting these bugs to deliver a variety of malware, most recently Gandcrab.

There were no changes made to the snort.conf in this release.

Thursday, May 2, 2019

Snort rule update for May 2, 2019

Just released:
Snort Subscriber Rule Set Update for May 2, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 34 new rules, four of which are shared object rules. There are also seven modified rules, one of which is a shared object rule.

This release is the first of a number of additions to the max-detect policy that will make it a heavily detection-focused policy. As such, performance will be impacted if this policy is enabled. It's highly recommended that users test this policy's performance before deploying it in production environments. As a result of these additions, there are a large number of modified rules today, which could make downloading this set take longer than usual.

There were no changes made to the snort.conf in this release.