Thursday, November 7, 2019

Snort rule update for Nov. 7, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 32 new rules, 19 new shared object rules and 21 modified rules.

This set of rules provides protections against high-severity vulnerabilities in Cisco Webex, and also covers a new variant of the Agent trojan.
Talos has added and modified multiple rules in the file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, os-mobile, policy-other, protocol-voip, pua-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

We would also like to highlight this set of rules:

  • 51202 - 51211: These rules protect against memory corruption vulnerabilities in Cisco Webex. Cisco recently disclosed five bugs — CVE-2019-15283, CVE-2019-15285, CVE-2019-15286 and CVE-2019-15287 — in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows that could allow an attacker to corrupt memory and execute arbitrary code on the victim machine. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Stay up to date to catch the latest emerging threats.