Tuesday, October 15, 2019

Snort rule update for Oct. 15, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 76 new rules and five modified rules.

Tuesday's release provides coverage for two notable vulnerabilities that have made headlines over the past month — some in vBulletin and others in Apple's WebKit.
Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-office, file-other, indicator-compromise, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-imap, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are two sets of rules we wish to specifically highlight:
  • 51834 - 51837: A now-patched vulnerability in the popular service vBulletin is allowing attackers to completely take over sites that use the software. vBulletin powers the commenting functions for many popular sites. An attacker could exploit this vulnerability to gain the ability to remotely execute malicious code on any vBulletin server running versions 5.0.0 through 5.5.4. This bug was initially dropped as a zero-day by an anonymous user, but has since been patched by the company. These Snort rules prevent any attempt to inject code into the server using this bug. Marcos Rodriguez wrote these rules.
  • 51821 - 51824, 51831, 58132: Multiple vulnerabilities in Apple's WebKit are allowing attackers to serve users malicious advertisements. This campaign affected the Google Chrome and Safari web browsers on iOS and macOS, but the vulnerabilities were all patched out in Apple's latest series of security updates. All of the ads centered around the user's specific mobile carrier, hoping to entice them to visit malicious websites. The vulnerabilities would allow the ads to break out of any sandboxes in place. John Levy wrote these rules.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the newest emerging threats.