Tuesday, June 15, 2021

Snort 2.9.18.0 released

We released SNORT® version 2.9.18.0 this afternoon.

This version includes several bug fixes and updates to improve your Snort experience. If you haven't already, we also encourage users to upgrade to Snort 3, which includes a new rule parser and rule syntax, support for multiple packet-processing threads, and much more.

Here's a rundown of what's new in 2.9.18.0.

Snort rule update for June 15, 2021

Cisco Talos released the newest rule set for SNORT® this morning.

Tuesday's rule release provides new protections against the IPsec Helper backdoor. The group behind the backdoor, known as Agrius, recently deployed a similar backdoor as part of a wiper malware campaign.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
14 01111

Thursday, June 10, 2021

Snort rule update for June 10, 2021

SNORT®'s latest rule release is here, courtesy of Cisco Talos.

Thursday's rule release includes several new rules to defend against the DarkSide ransomware. These rules specifically detect any use of a custom command and control framework that the ransomware has been known to rely on.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
14 080

Tuesday, June 8, 2021

Snort rule update for June 8, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
22152

Monday, June 7, 2021

Rule released to protect against severe VMware vulnerability that attackers are exploiting in the wild

Cisco Talos released a SNORT® rule over the weekend to protect against exploitation of a severe vulnerability in VMware's vSphere Client's Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server.

An attacker with network access to this service can exploit this vulnerability to gain remote code execution on the affected vCenter Server.

Thursday, June 3, 2021

Snort rule update for June 3, 2021

SNORT®'s latest rule release is here, courtesy of Cisco Talos.

Thursday's rule release includes new coverage for the Necro Python bot. Talos researchers recently discovered this bot adding new functionality to target several well-known vulnerabilities. It also added a cryptocurrency miner. Read more over on the Talos blog.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
0  0341

Tuesday, June 1, 2021

Snort rule update for June 1, 2021

Cisco Talos released the newest SNORT® rule update Tuesday afternoon.

This release includes several new rules to protect against attacks from Russian Foreign Intelligence Service (SVR) cyber actors (also known as APT29 and Cozy Bear). A joint release from U.S. intelligence organizations outlined the vulnerabilities this group uses to target many of its victims.

Here's a breakdown of everything in today's release:

Shared object rules | Modified shared object rules | New rules | Modified rules
0  0154