Friday, April 1, 2022

Weekly Snort rule update for March 25 - April 1

 Cisco Talos released two new rule sets for SNORTⓇ this week, which you can view here and here.

There are multiple rules to protect against the exploitation of the highly publicized Spring4Shell vulnerabilities that could lead to remote code execution. Spring is a popular framework used to develop Java applications. Snort SIDs 30790 - 30793, 59388 and 59416 can detect this activity.

For more on these vulnerabilities, read the Talos blog here

All users can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements, which you can upgrade to here.

Snort's rule blog posts are switching to a weekly recap format, rather than releasing every day a new rule update is released. If you have any feedback on this blog format, please reach out to us on Twitter @Snort

Friday, March 25, 2022

Weekly Snort rule update for March 21 - 25

Cisco Talos released two new rule sets for SNORTⓇ this week, which you can view here and here.

All users can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements, which you can upgrade to here.

Snort's rule blog posts are switching to a weekly recap format, rather than releasing every day a new rule update is released. If you have any feedback on this blog format, please reach out to us on Twitter @Snort

Thursday, March 17, 2022

Weekly Snort rule update for March 14 - 18

Cisco Talos released two new rule sets for SNORTⓇ this week, which you can view here and here.

The rules from this week cover a variety of malware families, including the CaddyWiper threat that's been targeting users in Ukraine. The wiper is relatively small in size and dynamically resolves most of the APIs it uses. Cisco Talos' analysis didn't show any indications of persistency, self-propagation or exploitation code.

We also released new protections for the Dirty Pipe exploit recently discovered in the Linux operating system. This vulnerability could allow an attacker to completely root devices, including some Android devices, as researchers showed with the Google Pixel 6. QNAP also warned users that its network-attached storage devices are also at risk

All users can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements, which you can upgrade to here.

Snort's rule blog posts are switching to a weekly recap format, rather than releasing every day a new rule update is released. If you have any feedback on this blog format, please reach out to us on Twitter @Snort

Snort OpenAppID Detectors have been updated

SNORTⓇ released a new update today for its OpenAppID Detector content.

This release — build 353 — includes:
  • 3,370 detectors. 
  • Additional detectors from the open-source community. For more details on which contributions were included — we have added them to the "Authors" file in this package.
The release is available now on our Downloads page. We look forward to users downloading and using the new features. If you have any feedback,  please share it with the OpenAppID mailing list.

The OpenAppID package is also compatible with our most recent Snort 3 releases.

For more information regarding the applications that are included in the open-source version of OpenAppID, feel free to visit our new application portal at appid.cisco.com.

Thursday, February 17, 2022

Weekly Snort rule update for Feb. 14 - 18

Cisco Talos released two new rule sets for SNORTⓇ this week, which you can view here and here.

Our two releases include several new protections against a variety of malicious webshells. There is also an additional rule that protects against the string of vulnerabilities Cisco recently disclosed in its RV series of routers aimed at small businesses.

The CVEs have a combined severity score of a maximum 10 out of 10. If successful, an adversary could execute arbitrary code on the targeted device, cause a denial of service or bypass authentication protections.

All users can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements, which you can upgrade to here.

Snort's rule blog posts are switching to a weekly recap format, rather than releasing every day a new rule update is released. If you have any feedback on this blog format, please reach out to us on Twitter @Snort

Thursday, February 3, 2022

Snort 3.1.21.0 is now available (plus bonus information on Thursday's rule update)

 

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub. Thursday also brought us the latest rule release, which includes several rules to protect against critical vulnerabilities Cisco patched in its RV series of routers. You can see more about this rule update here.

 

Snort 3.1.21.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Here's a rundown of all the changes and new features in this latest version of Snort 3.

Snort OpenAppID Detectors have been updated

SNORTⓇ released a new update today for its OpenAppID Detector content.

This release — build 352 — includes:
  • 3,280 detectors. 
  • Additional detectors from the open-source community. For more details on which contributions were included, we have added them to the "Authors" file in this package.
The release is available now on our Downloads page. We look forward to users downloading and using the new features. If you have any feedback,  please share it with the OpenAppID mailing list.

The OpenAppID package is also compatible with our most recent Snort 3 releases.

For more information regarding the applications that are included in the open-source version of OpenAppID, feel free to visit our new application portal at appid.cisco.com.

Tuesday, January 25, 2022

Snort rule update for Jan. 25, 2022 — And an update to our supported operating systems

The newest SNORTⓇ rule update from Cisco Talos is now available.

This release includes several rules to protect against malicious PHP command shells in Ajax that are sometimes used in cyber attacks. 

Here's a full breakdown of the rest of Tuesday's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
0140

Thursday, January 13, 2022

Snort rule update for Jan. 13, 2022

The newest SNORTⓇ rule update from Cisco Talos is now available.

Thursday morning's rule release includes new protections against the exploitation of a Log4shell-like vulnerability recently discovered in the popular H2 Java SQL database. Although the paths to exploiting this vulnerability are similar to the recent Log4j issue, the scope of execution is less broad.

Here's a full breakdown of the rest of today's rule update:

Shared object rulesModified shared object rulesNew rulesModified rules
022

Wednesday, January 12, 2022

Snort 3.1.20.0 available for download now

      

The SNORTⓇ team recently released a new version of Snort 3 on Snort.org and the Snort 3 GitHub.

 

Snort 3.1.20.0 contains several new features and bug fixes. Here's a complete rundown of what's new in this version. Users are encouraged to update as soon as possible and to upgrade to Snort 3 if they have not already done so.

Here's a rundown of all the changes and new features in this latest version of Snort 3.

Snort rule update for Jan. 11, 2022 — Microsoft Patch Tuesday

Cisco Talos released a new SNORT® ruleset Tuesday evening, providing coverage for many of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the vulnerabilities Microsoft disclosed this month, view all of them on Microsoft's security update page. You can also read our breakdown of the most notable vulnerabilities on the Talos blog.

Here's a breakdown of Tuesday's rule release:

Shared object rulesModified shared object rulesNew rulesModified rules
00229