Cisco Talos released the latest SNORT® rule update Tuesday morning.
Today's release includes several new rules to protect against attacks from the LemonDuck threat group. Talos first discovered LemonDuck spreading cryptocurrency miners, but it has now shifted to targeting vulnerable Microsoft Exchange Servers to deploy ransomware.
Here's a breakdown of Tuesday's rule release:
|Shared object rules||Modified shared object rules||New rules||Modified rules|
There were no changes made to the
snort.confin this release.
Talos' rule release:
Talos has added and modified multiple rules in the app-detect, browser-ie, browser-other, exploit-kit, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.