Thursday, March 17, 2022

Weekly Snort rule update for March 14 - 18

Cisco Talos released two new rule sets for SNORTⓇ this week, which you can view here and here.

The rules from this week cover a variety of malware families, including the CaddyWiper threat that's been targeting users in Ukraine. The wiper is relatively small in size and dynamically resolves most of the APIs it uses. Cisco Talos' analysis didn't show any indications of persistence, self-propagation or exploitation code.

We also released new protections for the Dirty Pipe exploit recently discovered in the Linux operating system. This vulnerability could allow an attacker to completely root devices, including some Android devices, as researchers showed with the Google Pixel 6. QNAP also warned users that its network-attached storage devices are at risk.

All users can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. The Snort 3 release is also here after years of development and improvements, which you can upgrade to here.

Snort's rule blog posts are switching to a weekly recap format, rather than a separate post every day a new rule update is released. If you have any feedback on this blog format, please reach out to us on Twitter @Snort.