The Official Blog of the World Leading Open-Source IDS/IPS Snort.
This afternoon, Cisco Talos released the newest rule update for SNORTⓇ.
Thursday's release mainly provides coverage for multiple malware families. We have new and updated coverage for the Karangany malware family, which is known for targeting the energy sector, as well as the Nymaim downloader.
Here's a breakdown of today's rule release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 2 | 0 | 29 | 4 |
The newest SNORTⓇ rule set is available this morning, courtesy of Cisco Talos.
Tuesday's release includes rules protecting against a multitude of malware families, including well-known threats like Emotet and Zbot. There is also new coverage for the ElectroRAT trojan, which was recently spotted in the wild trying to steal money from users' cryptocurrency wallets.
Here's a breakdown of this morning's rule release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 12 | 2 | 40 | 1 |
We love sharing the SNORTⓇ calendar with our users every year. Our designers enjoy creating new designs and themes and we are always humbled by the support it receives every year.
Usually, we love to see pictures of the calendars hung up at cubicles, on the walls of meeting rooms or placed among armies of colored Snorties on desks and server racks.
Unfortunately, all our workspaces look different now than they did this time last year. It looks like it could be many months before we're all returning to a regular in-person schedule at the office, and instead, we've turned to virtual meeting tools like Cisco WebEx to connect with team members.
We get that your home office is not always in peak condition, or you just want to give off the idea that you're on a tropical island while sitting in that 4:30 p.m. meeting on a Friday. But why not sprinkle in a bit of your Snort fandom?
To help you show off your love of Snort and the Snort calendar, we've converted this year's monthly illustrations into virtual meeting backgrounds, which you can find and download here. Feel free to show off the might of the Sowerpuff Curls or transport your colleagues back in time with the Flintsnouts.
We are excited to release three new guides on the revamped Snort 3 page today to assist users with installing the new Snort 3 GA, version 3.1.0.0, in several different environments.
The guides will walk you through installing our official Snort 3 release on CentOS Stream, OracleLinux 8 and Ubuntu 18 and 20.
Cisco Talos released the latest SNORTⓇ rule update this morning. This is our second rule release since Snort 3 has been officially released. This is a total overhaul of Snort as you know it, so you won't to waste any time switching over. For more information, check out our blog post on the release here and check out the Snort 3 page on Snort.org.
Thursday's release provides several rules to protect against the exploitation of critical remote code execution vulnerabilities in Cisco's SD-WAN solutions. The most serious among the group of vulnerabilities Cisco disclosed this week is one that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system with root privileges.
Here's a breakdown of today's rule release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 22 | 2 | 5 | 0 |
We know users have been anticipating this day for years. So, we are excited to announce that the official release of Snort 3 is here! The version number is 3.1.0.0.
Snort is an open-source intrusion prevention system (IPS) capable of real-time traffic analysis and packet logging. Snort 3 is the next step in our years-long journey of protecting users’ networks from unwanted traffic, malicious software and spam and phishing documents.
When we started thinking about what the next generation of IPS looked like, we decided to start from scratch. This latest version of Snort is the result of more than seven years of development and hard work from our team. After many years of success, it is time for Snort to evolve by incorporating lessons we had learned over the many years of the software’s existence and make it even more effective.
With Snort 3, rules are faster and more efficient, users have more control over their Snort experience, and it runs on multiple environments and operating systems.
Other prominent features of Snort 3 include:
Cisco Talos released the latest SNORTⓇ rule update this afternoon.
Thursday's release includes several rules to protect against the high-severity vulnerabilities Cisco disclosed in its RV series of routers. Cisco stated in its security advisory that it will not patch these products, but instead encouraged users to upgrade to more current hardware. However, these Snort rules will prevent attackers from carrying out a stack overflow attack.
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 26 | 3 | 11 | 4 |
The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 2 | 0 | 18 | 11 |
Cisco Talos released the latest SNORTⓇ rule update Thursday morning.
This release includes four rules to protect against the recently discovered TroubleGrabber malware. This credential stealer commonly spreads through Discord servers with malicious URLs.
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 0 | 0 | 4 | 22 |
The latest SNORTⓇ rule update is available now, courtesy of Cisco Talos.
Tuesday's release contains a few rules to protect users against the exploitation of vulnerabilities in two popular WordPress plugins.
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 1 | 0 | 3 | 5 |