Monday, September 27, 2021

Snort version 3.1.13.0 released — Here are all the updates and improvements

  

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

 

Snort 3.1.13.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Thursday, September 23, 2021

Snort rule update for Sept. 23, 2021

A new SNORTⓇ rule update is out this morning.

There are two rules in this package that protect against a zero-day vulnerability in the macOS Finder.  An attacker could exploit this vulnerability by tricking a user into opening a specially crafted email attachment that executes arbitrary commands. Apple released an update for this issue, but it is still exploitable, according to security researchers.

Here's a full breakdown of Thursday's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
1201

Tuesday, September 21, 2021

Snort rule update for Sept. 21, 2021

Cisco Talos released the latest rule update for SNORTⓇ Tuesday morning.

We neglected to post about this Thursday, but there was also another rule update that Talos released late last week.

Here's a full breakdown of today's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
1141

Tuesday, September 14, 2021

Snort rule update for Sept. 14, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rulesModified shared object rulesNew rulesModified rules
20174

Thursday, September 9, 2021

Snort version 3.1.12.0 released — Here are all the updates and improvements

 

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

 

Snort 3.1.12.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Snort rule update for Sept. 9, 2021 — New coverage for Microsoft MSHTML zero-day

The latest SNORT rule update is available this morning, including new coverage for the recently disclosed zero-day vulnerability in Microsoft MSHTML

Users are encouraged to deploy SIDs 58120 – 58129 to detect and prevent the exploitation of CVE-2021-40444, which Microsoft disclosed earlier this week. If an adversary were to successfully exploit this vulnerability, they could remotely execute code on the victim machine or gain complete control. The Microsoft advisory also stated that proof-of-concept code for this vulnerability is available in the wild. 

Here's a full breakdown of this rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
0192

Thursday, September 2, 2021

Snort 2.9.18.0 end of life warning

This is the notification that SNORTⓇ 2.9.18.0 will reach its End of Life (EOL) on Nov. 30, 2021.  In accordance with our EOL policy, and reminders we've posted in the past, we are now giving users a 90-day warning.

Earlier this week, we released version 2.9.18.1, so users should upgrade to that as soon as possible. Alternatively, users can also upgrade to the latest version of Snort 3. For more on the benefits of Snort 3, click here.

Snort rule update for Sept. 2, 2021

Cisco Talos released the latest rule update for SNORTⓇ Thursday.

This release includes new protection against a critical vulnerability Cisco recently disclosed in its NFVIS software. There is a publicly available proof-of-concept exploit available for this vulnerability that could allow an attacker to bypass authentication and log in to a vulnerable device as an admin.

Here's a full breakdown of this rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
0180

Wednesday, September 1, 2021

Snort version 2.9.18.1 has been released

We released the latest version of Snort 2.9, SNORTⓇ version 2.9.18.1, this afternoon. 

This version is a very small update that fixes a possible memory corruption issue in the SMB preprocessor. If you haven't already, we also encourage users to upgrade to Snort 3, which includes a new rule parser and rule syntax, support for multiple packet-processing threads, and much more.

Here's a rundown of what's new in 2.9.18.1:

Snort OpenAppID Detectors have been updated

SNORTⓇ released a new update today for its OpenAppID Detector content.

This release — build 346 — includes:
  • 3,066 detectors. 
  • Additional detectors from the open-source community. For more details on which contributions were included, we have added them to the "Authors" file in this package.
The release is available now on our Downloads page. We look forward to users downloading and using the new features. If you have any feedback,  please share it with the OpenAppID mailing list.

The OpenAppID package is also compatible with our most recent Snort 3 releases.