Tuesday, October 19, 2021

Snort rule update for Oct. 19, 2021

The newest SNORT® rule update is available this morning from Cisco Talos.

Our rule release includes detection content for several different malware families, including the AndroSpy backdoor and Quasar RAT, a .NET-based malware used by a variety of attackers.

Here's a full breakdown of the rest of Tuesday's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
0 | 2 | 3 | 0

Thursday, October 14, 2021

Snort rule update for Oct. 14, 2021

Cisco Talos released the newest SNORT® rule update today. This release includes protections against several vulnerabilities, including ones in the Trend Micro Encryption Email Gateway and the phpMyAdmin tool.

Here's a full breakdown of the rest of Thursday's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
2 | 2 | 5 | 0

Tuesday, October 12, 2021

Snort rule update for Oct. 12, 2021 — Microsoft Patch Tuesday

The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, head to the Talos blog.

Here's a breakdown of this afternoon's rule release:

Shared object rules | Modified shared object rules | New rules | Modified rules
10378

Friday, October 8, 2021

Snort version 3.1.14.0 released — Here are all the updates and improvements

   

The SNORT® team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

 

Snort 3.1.14.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Thursday, October 7, 2021

Snort rule update for Oct. 7, 2021

The newest SNORT® rule update is available now.

Cisco Talos' latest ruleset includes SID 58276 (SID 300053 for Snort 3) to protect against the exploitation of a zero-day vulnerability in the Apache HTTP Server Project. An attacker could exploit CVE-2021-41773 to remotely execute code on the targeted machine. As of earlier this week, this exploit has already been used in the wild.

Here's a full breakdown of the rest of Thursday's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
0 | 2 | 2 | 2

Tuesday, October 5, 2021

Snort rule update for Oct. 5, 2021

Cisco Talos shared the newest rule update for SNORT® this afternoon.

Tuesday's release includes new protection against the BlackMatter ransomware attack. Japanese technology company Olympus recently suffered an attack from this group that caused outages across its European, Middle East and Africa computer networks. BlackMatter also recently infected a large grain co-op in Iowa, with the group demanding a $5.9 million ransom payment.

Here's a full breakdown of Thursday's rule update:

Shared object rules | Modified shared object rules | New rules | Modified rules
0 | 1 | 3 | 5