Tuesday, July 16, 2019

Snort rule update for July 16, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules — four of which are shared object rules, as well as five modified rules.

Tuesday's release fixes a high-profile vulnerability in the Zoom web meeting software and also provides new coverage for several different malware families.

Talos has added and modified multiple rules in the deleted, file-flash, file-image, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux, os-other, os-windows, protocol-dns, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are several important rules we would like to highlight:

  • 50724 - 50729: This set of rules protects users against two vulnerabilities — CVE-2019-13449 and CVE-2019-13450 — in the Zoom remote meeting software. These high-profile vulnerabilities could allow an attacker to use a malicious website to automatically start a Zoom meeting and look in on a user's Mac camera. While Zoom says it has mitigated the issue, users are also encouraged to ensure the Mac Zoom app is up to date and to disable the setting that allows Zoom to automatically turn on the machine's camera when joining a meeting. These rules fire when they detect a file containing Zoom client information trying to disclose sensitive information. Joanne Kim wrote all of these rules.
  • 50734 - 50737: These rules provide new protections against the Anubis malware. Researchers at Trend Micro recently discovered more than 17,400 new samples of the Android malware. Anubis has targeted several different banking apps on Android stores, installing malicious espionage and banking trojan capabilities onto users' mobile devices. The actor behind Anubis has been active for at least 12 years, constantly making updates and adding new features. All four of these rules fire when Anubis attempts to make an outbound connection to a command and control (C2) server. Tim Muniz wrote these rules.
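Because the release note only lists SID ranges, the practical follow-up after applying the update is to confirm that those SIDs are actually present and enabled in the rule set your sensors load. The script below is an added example, not Talos' or Snort's own code: it parses a Snort 2 style rule file, maps each `sid:` to whether its rule is enabled or commented out, and reports which of the highlighted SIDs (50724-50729 for the Zoom CVEs, 50734-50737 for Anubis C2) are missing or disabled. The embedded rule lines are constructed placeholders that reuse only the SID numbers from this post; their bodies are not the real Talos signatures.

```python
"""Verify that the SIDs highlighted in a Snort rule update are deployed.

Added example; not code from Talos or the Snort project. The sample rule
file below is constructed: real SID numbers from the release note, placeholder
rule bodies.
"""
import re
from typing import Dict, Iterable, List, Tuple

# SID ranges called out in the July 16, 2019 release note (range end is exclusive).
HIGHLIGHTED_SIDS: Dict[str, range] = {
    "zoom_cve_2019_13449_13450": range(50724, 50730),
    "anubis_c2": range(50734, 50738),
}

# Snort 2 rule actions; a line must start with one (after any leading '#') to count as a rule.
RULE_ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rule file: placeholder bodies, SIDs taken from the post.
# 50726 is deliberately commented out, 50728/50729 are deliberately absent.
SAMPLE_RULES = """\
# CONSTRUCTED sample rules -- placeholder bodies only
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Zoom 50724"; sid:50724; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Zoom 50725"; sid:50725; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Zoom 50726"; sid:50726; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Zoom 50727"; sid:50727; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Anubis 50734"; sid:50734; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Anubis 50735"; sid:50735; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Anubis 50736"; sid:50736; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER Anubis 50737"; sid:50737; rev:1;)
"""


def parse_rule_file(text: str) -> Dict[int, bool]:
    """Map each SID in the rule text to True (enabled) or False (commented out).

    Comment lines that are not rules (no action keyword after '#') are skipped.
    """
    sids: Dict[int, bool] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = not line.startswith("#")
        body = line.lstrip("#").strip()
        if not body.startswith(RULE_ACTIONS):
            continue  # plain comment or unrelated line
        match = SID_RE.search(body)
        if match:
            sids[int(match.group(1))] = enabled
    return sids


def coverage_gaps(sids: Dict[int, bool],
                  wanted: Dict[str, Iterable[int]]) -> Dict[str, Tuple[List[int], List[int]]]:
    """For each named group return (missing SIDs, present-but-disabled SIDs)."""
    report: Dict[str, Tuple[List[int], List[int]]] = {}
    for name, sid_range in wanted.items():
        missing = [s for s in sid_range if s not in sids]
        disabled = [s for s in sid_range if s in sids and not sids[s]]
        report[name] = (missing, disabled)
    return report


def check_sample() -> Dict[str, Tuple[List[int], List[int]]]:
    """Run the check over the constructed sample file."""
    return coverage_gaps(parse_rule_file(SAMPLE_RULES), HIGHLIGHTED_SIDS)


if __name__ == "__main__":
    for group, (missing, disabled) in check_sample().items():
        status = "OK" if not missing and not disabled else "GAP"
        print(f"{group}: {status} missing={missing} disabled={disabled}")
```

Point `parse_rule_file` at the concatenated rule files your `snort.conf` includes (rather than the constructed sample) to get the same missing/disabled report for a real sensor; a SID that is present but commented out is the case most often overlooked after a subscription update.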

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the most emerging threats.