Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.
This release contains six new rules, two of which are shared object rules, as well as two modified rules.
Thursday's release provides protection against a vulnerability in Windows win32k that attackers have exploited in the wild.
Talos has added and modified multiple rules in the file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Here are several important rules we would like to highlight:
- 50771: This rule fires when the AZORult trojan attempts to make an outbound connection to its command and control server. Attackers recently began spreading AZORult through a series of phony cheat codes for video games, such as "CounterStrike: Go" and "Player Unknown's Battlegrounds". Once installed, the trojan attempts to steal users' passwords. This rule was written by Tim Muniz.
- 50777, 50778: Both of these rules provide coverage for a previously disclosed vulnerability in Windows' win32k.sys component. The escalation of privilege bug, identified as CVE-2019-1132, was exploited in a series of targeted attacks in Eastern Europe. These rules activate when a user attempts to corrupt a machine's memory using this vulnerability. These rules were written by Joanne Kim.
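As an added example (not code from the Talos post), here is a small Python check that audits a local Snort rules file for the SIDs highlighted above and reports any that are absent or commented out, so an operator can confirm the update actually landed. The rule bodies in the embedded sample are constructed placeholders, not the real Talos rules.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# SIDs called out in the Talos release note above
HIGHLIGHTED_SIDS = (50771, 50777, 50778)

# Constructed sample of a rules file: placeholder rule bodies, not Talos content.
# 50771 is enabled, 50777 is commented out, 50778 is missing entirely.
SAMPLE_RULES = """\
# constructed sample, placeholder rules only
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC placeholder"; flow:to_server,established; sid:50771; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OS-WINDOWS placeholder"; sid:50777; rev:2;)
alert tcp any any -> any any (msg:"unrelated placeholder"; sid:1000001; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")


class RuleStatus(NamedTuple):
    present: bool            # a rule with this SID exists in the file
    enabled: bool            # its line is not commented out with '#'
    rev: Optional[int]       # rule revision, if declared


def index_rules(rules_text: str) -> Dict[int, RuleStatus]:
    """Map every SID found in a Snort rules file to its status."""
    index: Dict[int, RuleStatus] = {}
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        enabled = not line.startswith("#")
        body = line.lstrip("#").strip()      # look inside disabled rules too
        sid_match = SID_RE.search(body)
        if not sid_match:
            continue                         # plain comment or non-rule line
        rev_match = REV_RE.search(body)
        rev = int(rev_match.group(1)) if rev_match else None
        index[int(sid_match.group(1))] = RuleStatus(True, enabled, rev)
    return index


def audit(rules_text: str, wanted: Iterable[int]) -> Dict[int, RuleStatus]:
    """Status of each wanted SID; absent SIDs are reported as not present."""
    index = index_rules(rules_text)
    return {sid: index.get(sid, RuleStatus(False, False, None)) for sid in wanted}


def missing_or_disabled(rules_text: str, wanted: Iterable[int]) -> List[int]:
    """SIDs that would give no coverage: not in the file, or commented out."""
    return sorted(sid for sid, st in audit(rules_text, wanted).items()
                  if not (st.present and st.enabled))


if __name__ == "__main__":
    print("needs attention:", missing_or_disabled(SAMPLE_RULES, HIGHLIGHTED_SIDS))
```

Point `audit` at the text of a deployed rules file (for example the contents of a `.rules` file under your Snort configuration directory) to run the same check against a real installation.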