Thursday, July 18, 2019

Snort rule update for July 18, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 21 new rules — 10 of which are shared object rules, as well as five modified rules.

Thursday's release provides protection against a critical vulnerability in Cisco Vision Dynamic Signage Director, as well as a remote code execution bug in a popular plugin for WordPress.

Talos has added and modified multiple rules in the malware-cnc, os-windows, policy-other, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are several important rules we would like to highlight:
  • 50745: This rule provides a fix for CVE-2019-1917, a critical vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director. An attacker could exploit this vulnerability to carry out arbitrary actions through the REST API with administrative privileges. The REST API cannot be disabled on Cisco Vision Dynamic Signage Director. This rule, however, fires if someone were to try and bypass authentication using this vulnerability. 
  • 50740, 50741: Both of these rules provide coverage for a bug in a popular WordPress plugin called "Ad Inserter." The vulnerability leaves more than 200,000 sites potentially open to attack. An attacker could bypass authorization checks on sites that have this plugin installed, allowing them to remotely execute PHP code. Rules are written by John Levy. 
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats