Tuesday, December 7, 2021

Snort rule update for Dec. 7, 2021

The newest SNORTⓇ rule update from Cisco Talos is now available.

Tuesday's rule update includes multiple rules to protect against vulnerabilities that are being exploited in the wild. One such vulnerability is CVE-2021-44515 in the Zoho patch management software. If exploited, it could allow attackers to bypass authentication and execute arbitrary code. Snort rule 58696 detects if attackers try to upload a file as part of exploiting this vulnerability.

Here's a full breakdown of today's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
017353

There were no changes made to the snort.conf in this release.

Cisco Talos' rule release: 

In this release, a number of rules have been added to the security policy as part of ongoing policy rebalancing efforts.

Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-other, netbios, os-mobile, os-other, os-solaris, os-windows, policy-other, protocol-dns, protocol-rpc, protocol-scada, protocol-snmp, protocol-telnet, protocol-tftp, server-apache, server-mail, server-mysql, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.