Tuesday, November 26, 2019

Snort rule update for Nov. 26, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 22 new rules and 17 modified rules.

Included in this new rule set is coverage for a high-severity vulnerability in Apache Solr, as well as protection against the Ursnif trojan when it attempts to download malicious documents.
Talos has added and modified multiple rules in the browser-chrome, browser-ie, browser-plugins, browser-webkit, file-image, file-other, malware-cnc, protocol-scada, protocol-voip, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

We would like to highlight the following rules from this release:

  • 52324 and 52325: These rules protect against a vulnerability in Apache Solr, which was recently reclassified as being more serious than initially thought. It was initially believed that this bug would only allow an adversary to access monitoring data on any site utilizing Solr. However, new proof-of-concept code shows it could actually allow an attacker to remotely execute code on a Solr server. This bug could be exploited by any adversary who has network access to a Solr server and Java Management Extensions. Windows users are reportedly not affected. John Levy wrote both these rules.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the newest emerging threats.