Tuesday, March 16, 2021

Snort rule update for March 16, 2021

The newest SNORTⓇ rule release arrived this morning, courtesy of Cisco Talos.

Tuesday's release includes a new rule protecting against the exploitation of the critical vulnerabilities in F5 BIG-IP and BIG-IQ. An adversary could exploit these vulnerabilities, which F5 disclosed last week, to take complete control of affected systems to execute malicious code, disable services and create or delete files, among other malicious actions. 

The new Snort rule detects when attackers try to inject arbitrary commands via the iControl REST interface.

Here's a breakdown of today's rule release:

Shared object rules: 8
Modified shared object rules: 0
New rules: 1
Modified rules: 1

There were no changes made to the snort.conf in this release.

Talos' rule release:
Talos has added and modified multiple rules in the file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.