Tuesday, October 22, 2019

Snort rule update for Oct. 22, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

We also have a special announcement. Our annual survey is now open if you would like to receive a FREE Snort calendar. This year's theme is "boar" games.

Today's release contains 16 new rules, seven modified rules and five new shared object rules.

Tuesday's release provides protection against a recently discovered vulnerability in WhatsApp that could allow an attacker to execute code on an Android device using a malicious GIF.
Talos has added and modified multiple rules in the browser-firefox, file-office, file-other, file-pdf, os-mobile, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

There is one group of rules we wish to highlight:
  • 51953 - 51956: These rules provide protection against a double-free vulnerability in the WhatsApp messaging app for Android. An attacker could exploit this vulnerability, identified as CVE-2019-11932, to carry out a variety of malicious activities, including memory leaks and arbitrary code execution. The exploitation of this bug requires the attacker to send a WhatsApp user a specially crafted GIF. These rules prevent attackers from carrying out remote code execution through these GIFs. Tim Muniz wrote these rules.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the latest emerging threats.