Tuesday, July 30, 2019

Snort rule update for July 30, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 21 new rules, nine new shared object rules, 138 modified rules and five modified shared object rules.

This release includes coverage for several different malware families recently used in the wild, including Godlua, Ratsnif and SoftCell.

Thursday, July 25, 2019

Snort rule update for July 25, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains six new rules, 13 new shared object rules and four modified rules.

Thursday's release provides protection against a series of vulnerabilities and exploits targeted toward Industrial Control Systems. Security researchers recently discovered 12 bugs in products from three different companies that could allow an attacker to take over SCADA software belonging to vital infrastructures such as water and power suppliers.

Tuesday, July 23, 2019

Snort rule update for July 23, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains six new rules, two of which are shared object rules, as well as two modified rules.

This release provides protection against a vulnerability in Windows win32k that attackers have exploited in the wild.

Thursday, July 18, 2019

Snort rule update for July 18, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 21 new rules, 10 of which are shared object rules, as well as five modified rules.

Thursday's release provides protection against a critical vulnerability in Cisco Vision Dynamic Signage Director, as well as a remote code execution bug in a popular plugin for WordPress.

Tuesday, July 16, 2019

Snort rule update for July 16, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules, four of which are shared object rules, as well as five modified rules.

Tuesday's release provides coverage for a high-profile vulnerability in the Zoom web meeting software and also provides new coverage for several different malware families.

Thursday, July 11, 2019

Snort rule update for July 11, 2019

Just released:
Snort Subscriber Rule Set Update for July 11, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 28 new rules and four modified rules, none of which are shared object rules.

This release provides new coverage for CVE-2017-11882, CVE-2018-0802 and CVE-2018-0798. These vulnerabilities in Microsoft Equation Editor, which have already been patched, are being exploited by a threat actor to deliver malware and send malicious RTF documents to users. Based on this new intelligence, this latest update includes new coverage for these bugs: SIDs 50684, 50685 and 50689-50695.

There were no changes made to the snort.conf in this release.

Tuesday, July 9, 2019

Snort rule update for July 9, 2019 — Microsoft Patch Tuesday

Cisco Talos just released the latest SNORT® rule update. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 77 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

Tuesday, July 2, 2019

Snort rule update for July 2, 2019

Just released:
Snort Subscriber Rule Set Update for July 2, 2019

Cisco Talos released the latest SNORT® rule set today. This release includes 102 new rules and 10 modified rules, none of which are shared object rules.

This release provides new coverage for the Scranos malware, a data-stealing attack that its creators recently revitalized. The series of new rules prevents Scranos from making an outbound connection and also blocks it from downloading its final payload.

There were no changes made to the snort.conf in this release.