This release contains 31 new rules, 11 new shared object rules, 61 modified rules and one modified shared object rule.
Thursday's release includes new protections against the EvilGnome malware, fixes for several Microsoft and Apple vulnerabilities and coverage for a vulnerability in Palo Alto Networks' VPN service.
Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-image, file-multimedia, file-other, file-pdf, malware-cnc, malware-other, os-windows, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Here are two rules we wish to specifically highlight:
- 50859 & 50860: These rules protect against the exploitation of CVE-2019-1579, a remote code execution vulnerability in Palo Alto Networks' GlobalProtect Secure Socket Layer (SSL) virtual private network (VPN). At the time of discovery, some systems belonging to the ride-sharing service Uber were still at risk, though they have since patched the issue. An attacker could exploit this bug to trigger a buffer overflow and then gain the ability to execute code remotely on the victim machine. Written by Joanne Kim.