Tuesday, August 20, 2019

Snort rule update for Aug. 20, 2019

We apologize for the lack of update blog posts over the past two weeks, but even Snortie needs a summer vacation!

Our latest rule update just dropped this morning, though, and we've got the breakdown for you.

This release contains 65 new rules, three new shared object rules, 20 modified rules and two modified shared object rules.

Thursday's release includes additional coverage for several of the vulnerabilities Microsoft disclosed as part of its monthly security update last week, as well as protection against several spyware tools.
Talos has added and modified multiple rules in the file-flash, file-identify, file-image, file-office, file-other, file-pdf, malware-cnc, malware-other, os-mobile, os-other, policy-other, protocol-other, protocol-voip, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are two rules we would like to specifically highlight:
  • 51112 - 51116: These rules protect Android users against the latest attack from the Strong Pity threat actor. The group recently used spyware of the same name to attack users in Turkey and attempt to steal certain documents. Security researchers even believe the group may be selling their malicious programs to certain government agencies. Mike Bautista wrote all of these rules.
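After pulling a rule update, a practical check is to confirm that the highlighted SIDs actually landed in the local ruleset and are enabled rather than commented out. The script below is an added example, not Talos tooling or the real rules for these SIDs: the three rule lines it writes are constructed stand-ins with placeholder content, used only to exercise the check on the 51112 - 51116 range. Point `check_range` at a real `.rules` file to use it.

```shell
#!/bin/sh
# Added example (not Talos' own tooling): report whether each SID in a range
# is present in a Snort rules file and whether it is enabled. A leading '#'
# on a rule line marks it disabled. The sample rules below are constructed
# placeholders, not the real Talos rules for SIDs 51112-51116.

# Write a constructed sample rules file: 51112 enabled, 51113 disabled,
# 51115 enabled, 51114 and 51116 absent. $HOME_NET etc. are Snort variables.
write_sample_rules() {
  cat > "$1" <<'EOF'
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"CONSTRUCTED sample rule A"; flow:to_server,established; content:"example-a"; sid:51112; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"CONSTRUCTED sample rule B"; flow:to_server,established; content:"example-b"; sid:51113; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"CONSTRUCTED sample rule C"; flow:to_server,established; content:"example-c"; sid:51115; rev:2;)
EOF
}

# sid_status FILE SID -> prints "enabled", "disabled" or "missing".
# The pattern anchors on "; sid:N;" (or "(sid:N;") so sid:51112 does not
# match sid:511120, and "gid:" is not mistaken for "sid:".
sid_status() {
  file=$1; sid=$2
  if grep -Eq "^[[:space:]]*(alert|drop|reject|pass|log)[[:space:]].*[;(][[:space:]]*sid:[[:space:]]*${sid}[[:space:]]*;" "$file"; then
    echo enabled
  elif grep -Eq "^[[:space:]]*#.*[;(][[:space:]]*sid:[[:space:]]*${sid}[[:space:]]*;" "$file"; then
    echo disabled
  else
    echo missing
  fi
}

# check_range FILE FIRST LAST -> prints "SID STATUS" per SID;
# exit status 1 if any SID in the range is not enabled.
check_range() {
  file=$1; first=$2; last=$3; rc=0
  sid=$first
  while [ "$sid" -le "$last" ]; do
    status=$(sid_status "$file" "$sid")
    echo "$sid $status"
    [ "$status" = enabled ] || rc=1
    sid=$((sid + 1))
  done
  return $rc
}

# Stand-alone run against the constructed sample file.
tmp=$(mktemp)
write_sample_rules "$tmp"
check_range "$tmp" 51112 51116 || echo "one or more SIDs in the range are not enabled"
rm -f "$tmp"
```

The non-zero exit from `check_range` makes it easy to drop into a post-update hook: a ruleset where a highlighted SID is missing or disabled fails the check instead of silently leaving a coverage gap.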

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the most emerging threats.