Thursday, February 27, 2020

Snort rule update for Feb. 27, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains nine new rules and two modified rules.

This release primarily focuses on a new variant of Emotet. The longstanding malware has evolved to spread over WiFi connections. These new rules prevent that variant from being downloaded on your machine.

After you're done adding the new rules today, head over to our shiny new Resources page. We've got improved documentation, as well as the new Snort 101 video series, which will teach you the basics of setting up Snort 2 and 3, and even dive a little into rule writing.

Wednesday, February 26, 2020

Snort rule update for Feb. 26, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 82 new rules and eight modified rules.

This release primarily provides new coverage for two malware families: Zeroll and NetWire — the latter of which was recently associated with tax-themed spam campaigns and malicious IMG files.

Tuesday, February 25, 2020

Snort rule update for Feb. 25, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 57 new rules, 12 modified rules, and 10 new shared object rules.

This rule update provides several new rules for variants in the longstanding NetWire and AZORult malware families.

Monday, February 24, 2020

Learn Snort: Back to basics videos and labs


Snort is happy to launch a new (free!) video training series created by Cisco Talos covering the basic operation of Snort 2 and Snort 3. Currently available topics include installation and configuration, packet capture and logging, and rule writing. Users of both Snort 2.9x and Snort 3 can use the included labs to acquire the basic skills and information needed to set up Snort quickly and easily and start inspecting traffic immediately.

The series is available on the newly revamped Snort Resources page, where you will also find Snort documentation, white papers, and additional tutorials and guides. Currently, the following topics are covered in the “Snort 101” videos:

  • Snort Overview - Snort 101
  • Snort 2 - Install and Config (with labs)
  • Snort 2 - Introduction to Rule Writing
  • Snort 3 - Install and Config (with labs)
  • Snort 3 - Writing Rules (with labs)
  • Snort 3 - Logging (with labs)

The training videos and labs can also be found in a playlist on the Talos YouTube channel, and on the new Resources page here.

Thursday, February 20, 2020

Snort rule update for Feb. 20, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 46 new rules and nine new shared object rules.

This rule update provides several new protections against malware we're calling "ObliqueRAT." We will be publishing details about this RAT on the Talos blog later today.

Tuesday, February 18, 2020

Snort rule update for Feb. 18, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 33 new rules, six new shared object rules and eight modified rules.

This rule update provides protection against a major new wave of malware that reportedly targeted a U.S. federal agency. Attackers are using the Syscon backdoor along with a variant of the Carrotbat malware to install malicious downloaders on victims' machines. New rules 53129 - 53144 perform various actions to prevent this malware from infecting victims and downloading any additional payloads.

Tuesday, February 11, 2020

Snort rule update for Feb. 11, 2020: Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 34 new rules, 10 modified rules, three modified shared object rules and 11 new shared object rules.

Tuesday, February 4, 2020

Snort rule update for Feb. 4, 2020

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 14 new rules, 12 modified rules, 15 new shared object rules and two modified shared object rules.

This rule update provides protection against two major malware families recently discovered. Rules 53026 - 53030 provide coverage for the NetWire RAT, which disguises itself as a fake email from a legitimate business. Rules 53023 - 53025 also cover a variant of the Ako ransomware.