Cisco Talos released the newest SNORTⓇ ruleset this morning.
Tuesday's rule update includes new rules to protect against the "Victory" backdoor recently being used by a state-sponsored APT as part of a surveillance operation. There are also new rules associated with the same attack that block an RTF file the attackers use with the RoyalRoad weaponizer.
Talos also released coverage for a recently disclosed vulnerability in Cisco's Adaptive Security Appliance that is being exploited in the wild.
Here's a full breakdown of today's release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 0 | 2 | 37 | 1 |
There were no changes made to the snort.conf in this release.
Talos' rule release:
Talos has added and modified multiple rules in the browser-chrome, exploit-kit, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.