Cisco Talos released the newest rule update for SNORTⓇ this morning.
Thursday's release includes another new rule to protect against attacks from the Hafnium threat group that's been recently spotted exploiting zero-day vulnerabilities in Microsoft Exchange Server.
There are also multiple rules to protect against the exploitation of several vulnerabilities Cisco recently disclosed in its IOS XE software. Cisco disclosed 15 vulnerabilities earlier this week, all of which are considered to be high-severity.
Here's a breakdown of today's rule release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 16 | 3 | 4 | 2 |
snort.conf in this release.Talos' rule release:
Talos has added and modified multiple rules in the browser-other, malware-cnc, os-windows, protocol-tftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.