Thursday, July 18, 2019

Snort 2.9.14.0 is here

Please join us as we welcome SNORT® 2.9.14.0 to the family.

The release notes for the newest version are below:

New Additions
  • Added support for wildcard port numbers in host cache and overwriting port service AppId.
  • Added new client patterns to prompt client validation.
  • Added SMTP Microsoft Outlook client for Mac.
  • Added a new preprocessor alert 120:27 to alert if there is no proper end-of-header.

Improvements
  • Improved appId detection for proxied traffic.
  • Fix to ensure Snort is ready for packet commencing before DAQ starts.
  • Fix for enabling flow profiling mode without restarting Snort detection engine.

Feedback and discussion are always welcome on the Snort-Users mailing list.

Downloads of Snort 2.9.14.0 are available here.

Snort rule update for July 18, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 21 new rules, 10 of which are shared object rules, as well as five modified rules.

Thursday's release provides protection against a critical vulnerability in Cisco Vision Dynamic Signage Director, as well as a remote code execution bug in a popular plugin for WordPress.

Tuesday, July 16, 2019

Snort rule update for July 16, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules, four of which are shared object rules, as well as five modified rules.

Tuesday's release provides protection against a high-profile vulnerability in the Zoom web meeting software and also provides new coverage for several different malware families.

Thursday, July 11, 2019

Snort rule update for July 11, 2019

Just released:
Snort Subscriber Rule Set Update for July 11, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 28 new rules and four modified rules, none of which are shared object rules.

This release provides new coverage for CVE-2017-11882, CVE-2018-0802 and CVE-2018-0798. These vulnerabilities in Microsoft Equation Editor, which have previously been patched, are being exploited by a threat actor to deliver malware and send malicious RTF documents to users. Based on this new intelligence, this latest update includes new coverage for these bugs: SIDs 50684, 50685 and 50689-50695.

There were no changes made to the snort.conf in this release.

Tuesday, July 9, 2019

Snort rule update for July 9, 2019 — Microsoft Patch Tuesday

Cisco Talos just released the latest SNORT® rule update. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 77 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

Tuesday, July 2, 2019

Snort rule update for July 2, 2019

Just released:
Snort Subscriber Rule Set Update for July 2, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 102 new rules and 10 modified rules, none of which are shared object rules.

This release provides new coverage for the Scranos malware, a data-stealing attack that its creators recently revitalized. The series of new rules prevents Scranos from making an outbound connection and also blocks it from downloading its final payload.

There were no changes made to the snort.conf in this release.