The newest SNORTⓇ rule release arrived this morning, courtesy of Cisco Talos.
Tuesday's release includes a new rule protecting against the exploitation of the critical vulnerabilities in F5 BIG-IP and BIG-IQ. An adversary could exploit these vulnerabilities, which F5 disclosed last week, to take complete control of affected systems and execute malicious code, disable services and create or delete files, among other malicious actions.
The new Snort rule detects when attackers try to inject arbitrary commands via the iControl REST interface.
Here's a breakdown of today's rule release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 8 | 0 | 1 | 1 |
snort.conf in this release.

Talos' rule release:
Talos has added and modified multiple rules in the file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.