Thursday, March 4, 2021

Snort rule update for March 4, 2021 — Continuing coverage for Microsoft Exchange zero-day

Cisco Talos released another rule update for SNORTⓇ last night that adds additional protection against the exploitation of zero-day vulnerabilities in Microsoft Exchange Server. This follows the eight rules we released earlier this week.

Microsoft disclosed these vulnerabilities earlier in the week, attributing the attacks to a group known as HAFNIUM. For more on this threat, head to the Talos blog.

Here's a breakdown of Wednesday's rule release:

Shared object rulesModified shared object rulesNew rulesModified rules

There were no changes made to the snort.conf in this release.

Talos' rule release:
Talos has added and modified multiple rules in the file-image, file-office, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.