Thursday, September 23, 2021

Snort rule update for Sept. 23, 2021

A new SNORTⓇ rule update is out this morning.

There are two rules in this package that protect against a zero-day vulnerability in the macOS Finder.  An attacker could exploit this vulnerability by tricking a user into opening a specially crafted email attachment that executes arbitrary commands. Apple released an update for this issue, but it is still exploitable, according to security researchers.

Here's a full breakdown of Thursday's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules

There were no changes made to the snort.conf in this release.

Cisco Talos' rule release: 

Talos has added and modified multiple rules in the browser-ie, file-other, malware-cnc, malware-other, os-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.