Showing posts with label cisco. Show all posts

Thursday, August 5, 2021

Snort rule update for Aug. 5, 2021

The latest SNORTⓇ ruleset is available this morning from Cisco Talos.

Thursday's rule update includes protection against two pre-authorization vulnerabilities in the Cisco RV series of routers. The two vulnerabilities Cisco disclosed this week could allow an attacker to trigger a denial-of-service condition or execute commands and arbitrary code on vulnerable devices.

Here's a full breakdown of this release:

Shared object rules | Modified shared object rules | New rules | Modified rules
100

Thursday, July 8, 2021

Snort rule update for July 8, 2021

The newest Cisco Talos rule release for SNORTⓇ is here.

Thursday's ruleset includes new protections against two recently disclosed vulnerabilities in Cisco Business Process Automation. An attacker could exploit these vulnerabilities to elevate their privileges to the level of Administrator on the targeted machine.

We also want to remind everyone that Snort version 2.9.15.0 has officially reached its end of life. Any users on that version need to update as soon as possible.

Here's a full breakdown of today's release:

Shared object rules | Modified shared object rules | New rules | Modified rules
002

Thursday, November 7, 2019

Snort rule update for Nov. 7, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

Today's release contains 32 new rules, 19 new shared object rules and 21 modified rules.

This set of rules provides protections against high-severity vulnerabilities in Cisco WebEx, and also covers a new variant of the Agent trojan.

Thursday, August 22, 2019

Snort rule update for Aug. 22, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 56 new rules, four modified rules, 14 new shared object rules and 25 modified shared object rules.

Thursday's release provides coverage for two vulnerabilities Cisco recently disclosed — one of which is rated "critical."

Tuesday, July 23, 2019

Snort rule update for July 23, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains six new rules — two of which are shared object rules, as well as two modified rules.

Thursday's release provides protection against a vulnerability in Windows win32k that attackers have exploited in the wild.

Thursday, July 18, 2019

Snort rule update for July 18, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 21 new rules — 10 of which are shared object rules, as well as five modified rules.

Thursday's release provides protection against a critical vulnerability in Cisco Vision Dynamic Signage Director, as well as a remote code execution bug in a popular plugin for WordPress.

Thursday, June 20, 2019

Snort rule update for June 19, 2019

Just released:
Snort Subscriber Rule Set Update for June 19, 2019

Cisco Talos released the latest SNORTⓇ rule set overnight. This release includes 24 new rules, 10 of which are shared object rules. There are also four modified rules, two of which are shared object rules.

This release provides coverage for several vulnerabilities Cisco recently disclosed in its Prime Service Catalog and some RV routers. Several different models of RV routers contain bugs in their web-based interface that could allow malicious actors to carry out denial-of-service attacks.

There were no changes made to the snort.conf in this release.

Thursday, May 16, 2019

Snort rule update for May 16, 2019

Just released:
Snort Subscriber Rule Set Update for May 16, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes seven new and modified rules, including three shared object rules each.

This release mainly provides coverage for the vulnerabilities Cisco disclosed last week in several of its products, including Prime Infrastructure and WebEx.

There were no changes made to the snort.conf in this release.

Tuesday, April 2, 2019

Snort rule update for April 2, 2019

Just released:
Snort Subscriber Rule Set Update for April 2, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 33 new rules, three of which are shared object rules. There are also three modified rules and four modified shared object rules.

This release provides coverage for a bug in Huawei's PCManager software that could allow an attacker to bypass security protections in the Windows kernel. There's also a new rule to protect the RV series of Cisco routers, which have been under attack for several months.

Thursday, March 21, 2019

Snort rule update for March 21, 2019

Just released:
Snort Subscriber Rule Set Update for March 21, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 20 new rules, three new shared object rules and one modified rule.

In this release, we have coverage for a new variant of the Mirai botnet. Recently, researchers discovered a new wave of attacks targeting presentation software and devices. There is also protection against several critical vulnerabilities Cisco recently patched in some of its IP phones.

Thursday, March 7, 2019

Snort rule update for March 7, 2019

Just released:
Snort Subscriber Rule Set Update for March 7, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes three new rules, 15 new shared object rules and seven modified rules, none of which are shared object rules.

In this release, we provide coverage for several vulnerabilities in Cisco products. Most recently, the company published the details of several high-profile bugs that put the Nexus line of switches at risk due to the NX-OS operating system.

Monday, April 28, 2014

Cisco, Linux Foundation, and OpenSSL

Our Cisco colleague Anthony Grieco wrote a quick blog post over on the Cisco Security blog announcing that Cisco is a proud supporter and founder of the Linux Foundation initiative announced on April 24th.

We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open source communities like OpenSSL. By working together as an industry, we can expect greater security, stability, and robustness for components that are critical to the Internet.

Check out the blog article here for further information: http://blogs.cisco.com/security/cisco-linux-foundation-and-openssl/

Tuesday, October 8, 2013

Cisco, Community and Open Source

In July we told you about Sourcefire’s agreement to be acquired by Cisco, and today that acquisition has closed – we are now one company. This also means that we are now one community, and Cisco has reiterated its commitment to maintaining our innovation and support of Snort, ClamAV and other open source projects, as well as its own projects. As Marty Roesch wrote on our corporate blog:

“I can tell you with certainty that this is a great match for Sourcefire, for Cisco and, ultimately, for our customers, partners and open source communities… Beyond the technology, one of the things that is important to me is that Cisco and Sourcefire both share key values that transcend our company names, HQ locations and number of employees.”

I’m also happy to report that there will be no changes to how our communities are run or our communications, including mailing lists, snort.org, clamav.net or social media sites. Please visit the corporate blog for more details and, as always, reach out to me with questions. I will still be your community manager and I look forward to many more years of being a part of this community.

Tuesday, July 23, 2013

A Continued Commitment to Open Source

Earlier today Cisco announced a definitive agreement to acquire Sourcefire. Marty Roesch has detailed the announcement on our corporate blog, but we want to make sure that you, our friends and community, are especially assured of Cisco’s commitment to maintaining our innovation and support of our open source projects. As Marty writes:

“I created Snort in 1998 to provide value-added security solutions for open source and address big problems that no one else could solve. We later expanded that open source commitment to ClamAV… The best news in all of this, especially for our partners, customers and open source users, is that Cisco is committed to accelerate the realization of our vision into the market. We’ll be able to more quickly innovate, develop and provide products and technologies that continue to solve your biggest security challenges. And not just for commercial and government solutions – they are committed to continued innovation and support of our open source projects, too.”

Please visit the corporate blog for more details and feel free to reach out to me with any questions that you might have. We look forward to continuing to innovate together.

Additional Information and Where to Find It

In connection with the proposed acquisition by Cisco Systems, Inc. (“Cisco”) of Sourcefire, Inc. (“Sourcefire”) pursuant to the terms of an Agreement and Plan of Merger by and among Sourcefire, Cisco, and a wholly-owned subsidiary of Cisco, Sourcefire will file a proxy statement with the Securities and Exchange Commission (the “SEC”). Investors are urged to read the proxy statement (including all amendments and supplements) because it will contain important information. Investors may obtain free copies of the proxy statement when it becomes available, as well as other filings containing information about Sourcefire, without charge, at the SEC’s Internet site (http://www.sec.gov). These documents may also be obtained for free from Sourcefire’s Investor Relations web site (http://investor.sourcefire.com/) or by directing a request to Sourcefire at: Sourcefire, Inc., 9770 Patuxent Woods Drive, Columbia, MD 21046.
Sourcefire and its officers and directors and other members of management and employees may be deemed to be participants in the solicitation of proxies from Sourcefire’s stockholders with respect to the acquisition. Information about Sourcefire’s executive officers and directors is set forth in the proxy statement for the Sourcefire 2013 Annual Meeting of Stockholders, which was filed with the SEC on April 24, 2013. Investors may obtain more detailed information regarding the direct and indirect interests of Sourcefire and its respective executive officers and directors in the acquisition by reading the preliminary and definitive proxy statements regarding the transaction, which will be filed with the SEC.

Forward-Looking Statements

This written communication contains forward-looking statements that involve risks and uncertainties concerning Cisco’s proposed acquisition of Sourcefire, Sourcefire’s expected financial performance, as well as Sourcefire’s strategic and operational plans. Actual events or results may differ materially from those described in this written communication due to a number of risks and uncertainties. The potential risks and uncertainties include, among others, the possibility that the transaction will not close or that the closing may be delayed; the reaction of our customers to the transaction; general economic conditions; the possibility that Sourcefire may be unable to obtain stockholder approval as required for the transaction or that the other conditions to the closing of the transaction may not be satisfied; the transaction may involve unexpected costs, liabilities or delays; the outcome of any legal proceedings related to the transaction; the occurrence of any event, change or other circumstances that could give rise to the termination of the transaction agreement. In addition, please refer to the documents that Cisco and Sourcefire file with the SEC on Forms 10-K, 10-Q and 8-K. The filings by Sourcefire identify and address other important factors that could cause its financial and operational results to differ materially from those contained in the forward-looking statements set forth in this written communication. Sourcefire is under no duty to update any of the forward-looking statements after the date of this written communication to conform to actual results.

Monday, July 1, 2013

Snort 2.9.5 is now available!

Snort 2.9.5 is now available on snort.org, at
https://www.snort.org/downloads in the Latest Release section.

We've rolled up a large number of bug fixes and made some other additions
and improvements in this release.  Additions, deletions, and changes
are highlighted.

2013-07-01 - Snort 2.9.5

[*] New additions

* Added tracking of FTP data channel for file transfers as file_data
  for Snort rules.

* Add support for doing PAF based on services loaded thru the
  attribute table and hardened PAF code/removed --disable-paf

* Added decoding support for Cisco ERSPAN

* Added tracking of HTTP uploads as file_data for Snort rules.

* Added ability to use event filters with PPM rules

* Added a control channel command to reload the Snort configuration to
  give feedback on new configuration.  This improves on the older SIGHUP
  which would just result in Snort exiting and restarting if the new
  configuration required a restart.

* Added a configuration option to perfmon to write flow-ip data to a
  file

* New decoding alert for IPv6 Routing type 0 header.

* Added the ability to sync basic session state from one Snort to
  another via a side channel communication between the two Snort
  instances.  NOTE:  This is currently experimental.

[*] Improvements

* Improved Stream's midstream pickup handling for TCP state processing,
  sequence validation, and reassembly.  Thanks to John Eure.

* Added a parse error for a rule if there is a relative content used
  after a content that is 'fast_pattern only'.

* Improved HTTP PAF reassembly capabilities to be better aligned on PDU
  boundaries, terminate if not actually HTTP, and to include all
  appropriate line feeds.

* Hardened the code related to dynamic modules.  Removed
  --disable-dynamicplugin configuration option since rule and
  preprocessor shared libraries are here to stay.

* Improved parsing of IP lists for reputation

* Update to Teredo processing and Snort rule evaluation when the inner
  IPv6 packet doesn't have payload.  Thanks to Yun Zheng Hu &
  L0rd Ch0de1m0rt for reporting the issue & crafting traffic to reproduce. 

* Improved logging of packets associated with alerts when a Stream
  reassembled packet triggers multiple Snort rules.

* Improvements to the Snort manual including documentation of specific
  rule options and configuration items.  Thanks to Nicholas Horton and many others.

* Removed a bunch of dead code paths, updated to use more current memory
  functions for easier code maintenance and portability.  Thanks to William Parker.

[*] Deletions

* Remove deprecated unified support, use unified2 for all of your
  logging needs.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team

Monday, October 3, 2011

Sourcefire - SC Award Nominee for Best IPS/IDS and Best Cloud Security

"It’s crunch time for security enthusiasts who are preparing for next year’s RSA Conference in San Francisco. One key item is gearing up for the SC Awards - ‘the Oscars’ of the week’s events - which honors best-in-class security products.

Each year the SC Awards honor companies whose products have most strongly contributed to the security and reliability of North America’s IT industry. Sourcefire is honored to have been nominated in two categories:

1. Best IPS/IDS for our breadth of IPS solutions
2. Best Cloud Security for our Virtual 3D sensor

The voting process runs through October 7. Voting is open to SC Magazine subscribers who are security end users and practitioners - 25,000 of which have been pre-approved by the magazine.

If you fit into this description, and truly believe that Sourcefire technologies are the best of the best, please vote today.

Finalists for all categories will be announced the first week of November and the winners will be announced on Feb. 28, 2012, at the SC Awards U.S. Dinner at RSA Conference in San Francisco.

Wish us luck!"

-- Marc Solomon
Originally posted here.  Reposted for the Snort.org audience.