Thursday, August 1, 2019

Snort rule update for Aug. 1, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 31 new rules, 11 new shared object rules, 61 modified rules and one modified shared object rule.

Thursday's release includes new protections against the EvilGnome malware, fixes for several Microsoft and Apple vulnerabilities and coverage for a vulnerability in Palo Alto Networks' VPN service.
Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-image, file-multimedia, file-other, file-pdf, malware-cnc, malware-other, os-windows, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are two rules we wish to specifically highlight:
  • 50859 & 50860: These rules protect against the exploitation of CVE-2019-1579, a remote code execution vulnerability in Palo Alto Networks' GlobalProtect Secure Socket Layer (SSL) virtual private network (VPN). At the time of discovery, some systems belonging to ride-sharing service Uber were still at risk, though they have since patched the issue. An attacker could exploit this bug to carry out a buffer overflow, and then gain the ability to remotely execute code on the victim machine. Written by Joanne Kim.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the latest emerging threats.