Thursday, January 13, 2022

Snort rule update for Jan. 13, 2022

The newest SNORTⓇ rule update from Cisco Talos is now available.

Thursday morning's rule release includes new protections against the exploitation of a Log4shell-like vulnerability recently discovered in the popular H2 Java SQL database. Although the paths to exploiting this vulnerability are similar to the recent Log4j issue, the scope of execution is less broad.

Here's a full breakdown of the rest of today's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules

There were no changes made to the snort.conf in this release.

Cisco Talos' rule release: 

Talos has added and modified multiple rules in the malware-cnc, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.