Thursday, September 2, 2021

Snort rule update for Sept. 2, 2021

Cisco Talos released the latest rule update for SNORTⓇ Thursday.

This release includes new protection against a critical vulnerability Cisco recently disclosed in its NFVIS software. There is a publicly available proof-of-concept exploit available for this vulnerability that could allow an attacker to bypass authentication and log in to a vulnerable device as an admin.

Here's a full breakdown of this rule update:

Shared object rulesModified shared object rulesNew rulesModified rules

There were no changes made to the snort.conf in this release.

Talos' rule release: 

Talos has added and modified multiple rules in the browser-chrome, browser-ie, browser-other, browser-webkit, deleted, exploit-kit, file-executable, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-shellcode, malware-cnc, malware-other, netbios, os-linux, os-other, os-windows, policy-other, policy-social, protocol-dns, protocol-icmp, protocol-nntp, protocol-other, protocol-scada, protocol-snmp, protocol-tftp, protocol-voip, pua-p2p, server-iis, server-mail, server-mysql, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.