Tuesday, September 24, 2019

Snort rule update for Sept. 24, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 11 new rules, 12 modified rules and 27 new shared object rules.

Tuesday's release provides more protections for a line of D-Link routers that were recently found to contain serious vulnerabilities.

Thursday, September 19, 2019

Snort versions EOL and open-source Snort release schedule updates

It's time again for us to wind down certain versions of SNORT®.

We currently support 36 different Open Source Operating System builds for the Snort Subscriber Rule Set. Each additional version of the OS and additional version of Snort that we have to support exponentially increases the amount of build — and, subsequently, QA — time required to create a version of the ruleset. To adjust this workload, we will be deprecating the following versions of Snort:

  • 2.9.9.0
  • 2.9.12.0

Under our regular 90-day notice policy, those versions will be deprecated on Dec. 18 of this year.

This will leave versions:

  • 2.9.8.3
  • 2.9.13.0
  • 2.9.14.1
  • 2.9.15.0

If you are on 2.9.9.0 or 2.9.12.0, we recommend you upgrade to 2.9.14.1 immediately.

We will update our EOL page on Snort.org to reflect this change as soon as we get a chance to push that live.

But there is good news.

We are going to move to a more regular release schedule of about once a quarter. We will iron out the dates and details soon, at which time we'll let you know on the blog with an accompanying page on Snort.org. This will allow for more regular releases and easier deprecation of older releases.

If there are any concerns, please bring them to the Snort-Users mailing list.

Snort rule update for Sept. 19, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules and four modified rules.

Thursday's release provides protections for HooToo's line of traveling wireless routers, as well as one D-Link router that could be compromised with a malicious HNAP1 request.

Tuesday, September 17, 2019

Snort OpenAppID Detectors have been updated

An update has been released today for the Snort OpenAppID Detector content.

This release, build 326, includes:

  • A total of 2,880 detectors.
  • Some additional detectors that came in from the open source community. The contributions that were included are listed in the AUTHORS file in this package.

The release is available now from our downloads page. We look forward to you downloading and using the new features of 2.9.14.1's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID package is also compatible with our Snort 3.0 release.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

Snort rule update for Sept. 17, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 22 new rules and 20 modified ones.

Tuesday's release provides coverage for several different malware variants. Several new rules prevent these samples from making outbound connections to their command and control (C2) servers.

Tuesday, September 10, 2019

Snort rule update for Sept. 10, 2019: Microsoft Patch Tuesday

Cisco Talos just released the latest SNORT® rule update. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 85 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 45 new rules, 53 modified rules and four new shared object rules.

Thursday, September 5, 2019

Reminder: New shared object rule builds now available

Just a reminder that, as we wrote back in August, there are new shared object rule builds available as of this week's builds.

Snort rule update for Sept. 5, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 29 new rules, 12 modified rules, one new shared object rule and two shared object rules.

Thursday's release provides coverage for vulnerabilities in several different web browsers, including Microsoft Edge and Internet Explorer, Safari and Google Chrome.