Thursday, July 30, 2020

Snort rule update for July 30, 2020

The newest Cisco Talos rule release for SNORTⓇ is here.

The latest release includes 21 new rules, four shared object rules and one modified shared object rule.

This release includes new coverage for several different malware families, including the Nanocore RAT and Gh0stRAT. There is also protection against the exploitation of a recently disclosed critical vulnerability in Cisco's Data Center Network Manager.

Tuesday, July 28, 2020

Snort rule update for July 28, 2020

This morning, Cisco Talos released a new rule update for SNORTⓇ.

The latest release includes 14 new rules and six new shared object rules.

This release includes several new rules to protect against the Hakbit ransomware attack that researchers discovered last month. Hakbit, so far, has targeted numerous organizations in Europe via phishing emails with malicious Excel files attached.

Thursday, July 23, 2020

Snort rule update for July 23, 2020

This morning, Cisco Talos released a new rule update for SNORTⓇ.

The latest release includes 30 new rules, four modified rules and seven new shared object rules.

Today's release provides coverage to protect against the Prometei botnet. Talos discovered this botnet mining Monero cryptocurrency recently. For more information, check out all of Talos' research here.

Tuesday, July 21, 2020

Snort rule update for July 21, 2020

There is a new SNORTⓇ rule update available this morning from Cisco Talos.

The latest release includes six new rules, five modified rules and 10 new shared object rules.

Today's release continues our coverage of Microsoft Patch Tuesday. There are new rules that defend against vulnerabilities in Microsoft WalletService that the company disclosed last Tuesday.

Thursday, July 16, 2020

Snort rule update on July 16, 2020 — Additional coverage for Windows DNS vulnerability

Cisco Talos released a second rule update for SNORTⓇ on Thursday, providing additional rules to cover a critical vulnerability in Windows DNS.

Microsoft first disclosed CVE-2020-1350 on Tuesday as part of its monthly security update. While there was one Snort rule released Tuesday to defend against the exploitation of this bug, we have since expanded our coverage with three new rules released today. The vulnerability received a severity score of 10 out of the maximum 10. An adversary could exploit this bug to infect Windows servers with malware and create malicious DNS queries.

Snort rule update for July 16, 2020

Cisco Talos released the latest rule update for SNORTⓇ this afternoon, coinciding with Microsoft Patch Tuesday.

The latest release includes 16 new rules, two modified rules and 23 new shared object rules.

Today's release provides several rules to protect users against vulnerabilities Cisco recently disclosed in its RV series of routers and switches. Adversaries could use these bugs to obtain administrative-level privileges on the devices.

Tuesday, July 14, 2020

Snort rule update for July 14, 2020

Cisco Talos released the latest rule update for SNORTⓇ this afternoon, coinciding with Microsoft Patch Tuesday.

The latest release includes 35 new rules, two modified shared object rules and six new shared object rules.

This release provides coverage for many of the vulnerabilities Microsoft disclosed Tuesday as part of its monthly security update. Most notably, there is a DNS vulnerability that was assigned a severity score of 10 out of 10. Talos also discovered six critical bugs included this month that affect AMD and Intel chips.

Thursday, July 9, 2020

Snort rule update from July 9, 2020

This morning, Cisco Talos released the latest rule update for SNORTⓇ.

The latest release includes six new rules, two modified rules and 12 new shared object rules.

This release provides another rule covering the major vulnerability in F5 BIG-IP that's made headlines over the past week. Adversaries are using this vulnerability to target big-name organizations using the BIG-IP service.

Monday, July 6, 2020

Snort rule update for July 6 includes coverage for F5 BIG-IP vulnerability

Cisco Talos just released Snort coverage for a prominent vulnerability in F5’s BIG-IP.

BIG-IP is one of the most popular networking products on the modern market. This product is used to shape web traffic, access gateways, limit rates and much more. F5 disclosed a remote code execution vulnerability over the weekend that was assigned a maximum 10 out of 10 severity score.

CVE-2020-5902 is a remote code execution vulnerability in BIG-IP's configuration interface. Users are urged to make their interfaces inaccessible from the internet and patch as soon as possible. The latest Snort rule set also includes rule 54462 to protect users from the exploitation of this vulnerability.

Thursday, July 2, 2020

Snort rule update from July 2, 2020

This morning, Cisco Talos released the latest rule update for SNORTⓇ.

The latest release includes 11 new rules and four new shared object rules.

This release provides new coverage against the NetWire trojan. Adversaries have recently been exploiting an old Microsoft Equation Editor vulnerability — CVE-2017-1182 — to deliver this malware as the final payload.