Tuesday, August 27, 2019

Snort rule update for Aug. 27, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 76 new rules, 14 modified rules and nine new shared object rules.

Tuesday's release provides coverage for two critical vulnerabilities in the 220 series of Cisco smart switches for small businesses. There is also protection against the exploitation of an arbitrary file disclosure vulnerability in Pulse Secure SSL VPN.

Thursday, August 22, 2019

New Shared Object rule builds available September 2nd and additional EOLs

This is a notice that we will be adding additional Open Source Shared Object rule builds to our pipeline starting on September 2nd:

Alpine 3.10/i386
Alpine 3.10/x86-64
RHEL 8/x86-64
OpenSUSE 15.1/x86-64
OpenBSD 6.4/i386
OpenBSD 6.4/x86-64
OpenBSD 6.5/i386
OpenBSD 6.5/x86-64

As previously announced, and as a reminder, the following OSes will be EOL'ed on the same date:

CentOS 5.4
Debian 7
FC 25
FC 26
FreeBSD 8.1
FreeBSD 9.0
FreeBSD 10.0
OpenBSD 5.2
OpenBSD 5.3
RHEL 5.5
Slackware 13.1

These builds are ending because the OSes themselves are also EOL.

Thank you



Snort rule update for Aug. 22, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 56 new rules, four modified rules, 14 new shared object rules and 25 modified shared object rules.

Thursday's release provides coverage for two vulnerabilities Cisco recently disclosed — one of which is rated "critical."

Tuesday, August 20, 2019

Snort rule update for Aug. 20, 2019

We apologize for the lack of update blog posts over the past two weeks, but even Snortie needs a summer vacation!

Our latest rule update just dropped this morning, though, and we've got the breakdown for you.

This release contains 65 new rules, three new shared object rules, 20 modified rules and two modified shared object rules.

Thursday's release includes additional coverage for several of the vulnerabilities Microsoft disclosed as part of its monthly security update last week, as well as protection against several spyware tools.

Monday, August 12, 2019

Snort Shared Object OSes to be removed

To deprecate older OS builds and enable builds for newer OSes, it is time to purge old OSes from our Shared Object rule build system.

The following builds will be stopped on August 27th:

CentOS 5.4
Debian 7
FC 25
FC 26
FreeBSD 8.1
FreeBSD 9.0
FreeBSD 10.0
OpenBSD 5.2
OpenBSD 5.3
RHEL 5.5
Slackware 13.1


We are looking at a couple of new builds to start after this step. More information will be posted soon.

Friday, August 2, 2019

Snort 2.9.14.1 has been released!

Snort Community!

We know it's a Friday, so we don't expect everyone to run right out and update, but in trying to get everything done before Black Hat / DEF CON, we wanted to make sure that 2.9.14.1 was shipped before we all got on planes to head out to "Hacker Summer Camp".

We've just pushed 2.9.14.1 live on the website (snort.org/downloads).  Please head on over and check it out at your earliest convenience.

Release notes are essentially the same as 2.9.14.0, with one minor fix, so I'll repost those:

[*] New Additions

 * Added support for wild card port numbers in host cache and overwriting port service AppId.

 * Added support for new STLS client patterns to help better detect POP3S over SSL.

 * Added support for detecting Mac based SMTP Microsoft Outlook client application.

 * Added a new preprocessor alert 120:27 to alert if there is no proper end of header.

[*] Improvements / Fix

 * Improved appId detection for proxied traffic.

 * Fix for enabling flow profiling mode without restarting snort detection engine.

 * Fixed packet drop scenario.


Thanks so much for bearing with us while we figured out the little bug with packet acquisition.

As always, feedback can be directed to the Snort-users list.  Happy Snorting!

Thursday, August 1, 2019

Snort rule update for Aug. 1, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 31 new rules, 11 new shared object rules, 61 modified rules and one modified shared object rule.

Thursday's release includes new protections against the EvilGnome malware, fixes for several Microsoft and Apple vulnerabilities and coverage for a vulnerability in Palo Alto Networks' VPN service.