Thursday, December 19, 2019

Snort rule update for Dec. 19, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 11 new rules, six shared object rules and 26 modified rules.

This rule set provides protection against the exploitation of vulnerabilities in Adobe Photoshop, OpenSSL, Adobe Acrobat, and Cisco Smart Install.

Cisco's annual winter shutdown begins next week. As a result, we'll be taking two weeks off from posting these rule updates to the Snort blog. For new rule updates, keep an eye on the Snort Advisories page.

Tuesday, December 17, 2019

Snort version EOL update

As a reminder, we are preparing to EOL the following versions of Snort rules on Dec. 18:
  • 2.9.9.0
  • 2.9.12.0
We had originally intended to EOL Snort version 2.9.11.1 as well. However, some external third-party vendors are still on 2.9.11.1 and, because of their development cycles, can't upgrade just yet, so it's going to hang around while our third-party ecosystem is given a chance to upgrade.

We are also planning to release bug-fix version 2.9.15.1 on Dec. 19 (tentatively), followed by a larger release, 2.9.16.0, in April 2020 (tentatively).

We have been watching the number of downloads of these versions on a week-to-week basis since September. While the raw number of downloaders has been decreasing (alongside a drastic uptick in downloaders of 2.9.14.1 and 2.9.15.0), there are still about 42,000 users on those two versions, so we urge everyone on those two versions to upgrade as soon as possible.

Thanks everyone! Happy upgrading.

Snort rule update for Dec. 17, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 34 new rules and 22 modified rules.

This ruleset provides protection against the recently discovered Zeppelin ransomware attack, which we will highlight below.

Thursday, December 12, 2019

Snort rule update for Dec. 12, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 28 new rules, eight modified rules, three new shared object rules and one modified shared object rule.

This rule set provides new coverage for several malware families, including variants of the Mimikatz credential-stealing tool, the DoppelPaymer ransomware and attacks from the Gamaredon APT.

Tuesday, December 10, 2019

Snort rule update for Dec. 10, 2019: Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 11 new rules, 10 new shared object rules and four modified rules.

Tuesday, December 3, 2019

Snort rule update for Dec. 3, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 16 new rules, 12 modified rules and four new shared object rules.

Included in this new rule set is protection against new variants of the Qakbot and Hoplight malware families.