Thursday, October 31, 2019

Snort rule update for Oct. 31, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 12 new rules, three new shared object rules, three shared object rules and 66 modified rules.

Thursday's release provides coverage for vulnerabilities in Microsoft Excel, Samsung SmartViewer and PowerShell Empire.

Tuesday, October 29, 2019

Snort rule update for Oct. 29, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 21 new rules, nine new shared object rules and eight modified rules.

Tuesday's release provides coverage for several serious vulnerabilities in Adobe ColdFusion and Acrobat Reader, as well as Windows GDI+.

Thursday, October 24, 2019

Snort rule update for Oct. 24, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 42 new rules, 13 new shared object rules and five modified rules.

Thursday's release provides updated protections against the Emotet botnet. While Emotet has been around for years, the attackers behind it are still updating it and releasing new variants on victims. There is also coverage for new malware variants used by the OceanLotus APT.

Tuesday, October 22, 2019

Snort rule update for Oct. 22, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

We also have a special announcement. Our annual survey is now open if you would like to receive a FREE Snort calendar. This year's theme is "boar" games.

Today's release contains 16 new rules, seven modified rules and five new shared object rules.

Tuesday's release provides protection against a recently discovered vulnerability in WhatsApp that could allow an attacker to execute code on an Android device using a malicious GIF.

Tuesday, October 15, 2019

Snort rule update for Oct. 15, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 76 new rules and five modified rules

Tuesday's release provides coverage for two notable vulnerabilities that have made headlines over the past month — some in vBulletin and others in Apple's WebKit.

Friday, October 11, 2019

Snort document updates

A couple updates to SNORTⓇ installation guides for Snort 3 have hit our documentation page, and we want to take a minute and personally thank the community members that spend their time writing documentation, quality checking it, testing it, and putting it out there with their name attached to it — all in the interest of making the Snort community a better place.

So, thanks go to the following individuals:

  • Noah Dietrich
  • Yaser Mansour
  • Milad Rezaei

First, we have an updated guide to Snort 2.9.14.1 on CentOS. This guide should work fine for our recently posted 2.9.15.0 release, simply by changing "2.9.14.1" to "2.9.15" where appropriate.

Next, there's an updated guide to Snort 3 installation on CentOS 8.

And we updated the guide to Snort 3 installation on Ubuntu 18 & 19.

As a reminder, our setup and installation guides can be found on Snort's documentation page under "Snort Setup Guides." While you are there, feel free to check out all the other documentation, such as Deployment Guides, startup scripts, and the official Snort manual.

Thursday, October 10, 2019

Snort 2.9.15.0 is here

Today, we added Snort 2.9.15.0 to the family!

As always, available from our download site on Snort.org, this new version contains the following features:

New Additions

  • Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
  • Added support to detect new Korean file formats .egg and .alg in the file preprocessor.
  • Added support to detect new RAR file-type in the file preprocessor.

Improvements / Fix

  • Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
  • Fix to whitelist FTP data sessions when no file policy exists.
  • Fix RTF file magic to a more generic value to prevent evasions.
  • Added debug logs during HTTP reload.
  • Added rule SID check during validation.
  • Fix an issue where HTTP was processing non-HTTP traffic on port 443.
  • Added new debugs to print detection, file processing, and Prepro time consumption info and verdicts.
Any notes or feedback for us on Snort 2.9.15.0?  Please shoot us a note over on the Snort-Users mailing list.




Tuesday, October 8, 2019

Snort rule update for Oct. 8, 2019: Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 60 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 63 new rules, six modified rules and two new shared object rules.

Tuesday, October 1, 2019

Snort rule update for Oct. 1, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 20 new rules, 30 modified rules and 11 new shared object rules.

Tuesday's release provides protection against the Moonshine attack, a recent campaign aimed at install spyware onto Tibetan leaders' mobile devices.