Our latest rule update dropped this morning, and we've got the breakdown for you.
This release contains 65 new rules, three new shared object rules, 20 modified rules and two modified shared object rules.
Thursday's release includes additional coverage for several of the vulnerabilities Microsoft disclosed as part of its monthly security update last week, as well as protection against several spyware tools.
Talos has added and modified multiple rules in the file-flash, file-identify, file-image, file-office, file-other, file-pdf, malware-cnc, malware-other, os-mobile, os-other, policy-other, protocol-other, protocol-voip, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
Here are two rules we wish to specifically highlight:
- 51112 - 51116: These rules protect Android users against the latest attack from the StrongPity threat actor. The group recently used spyware of the same name to attack users in Turkey and attempt to steal certain documents. Security researchers even believe the group may be selling its malicious programs to certain government agencies. Mike Bautista wrote all of these rules.