
Tuesday, July 27, 2021

Snort rule update for July 27, 2021

Cisco Talos released the newest SNORT® ruleset this morning.

We released the rule update overnight, featuring new protections against several malware families. Among the coverage are a few rules to detect a new Trickbot module that spies on users by creating an attacker-controlled virtual machine.

There are also new protections against the SeriousSAM vulnerability recently discovered in Windows 10 and 11. The vulnerability could allow an attacker to install programs, edit data or create new accounts with full user rights.

Here's a full breakdown of Monday night's release:

| Shared object rules | Modified shared object rules | New rules | Modified rules |
| --- | --- | --- | --- |
| 0 | 2 | 4 | 2 |