
News

Posted over 4 years ago by [email protected] (Jon Munshaw)
Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 76 new rules and five modified rules.

Tuesday's release provides coverage for two notable vulnerabilities that have made headlines over the past month — some in vBulletin and others in Apple's WebKit.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-office, file-other, indicator-compromise, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-imap, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Here are two sets of rules we wish to specifically highlight:

51834 - 51837: A now-patched vulnerability in the popular service vBulletin is allowing attackers to completely take over sites that use the software. vBulletin powers the commenting functions for many popular sites. An attacker could exploit this vulnerability to gain the ability to remotely execute malicious code on any vBulletin server running versions 5.0.0 through 5.5.4. This bug was initially dropped as a zero-day by an anonymous user, but has since been patched by the company. These Snort rules prevent any attempt to inject code into the server using this bug. Marcos Rodriguez wrote these rules.

51821 - 51824, 51831, 58132: Multiple vulnerabilities in Apple's WebKit are allowing attackers to serve users malicious advertisements. This campaign affected the Google Chrome and Safari web browsers on iOS and MacOS, but the vulnerabilities were all patched out in Apple's latest series of security updates. All of the ads centered around the user's specific mobile carrier, hoping to entice them to visit malicious websites. The vulnerabilities would allow the ads to break out of any sandboxes in place. John Levy wrote these rules.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Posted over 4 years ago by [email protected] (Joel Esler)
A couple of updates to SNORTⓇ installation guides for Snort 3 have hit our documentation page, and we want to take a minute and personally thank the community members that spend their time writing documentation, quality checking it, testing it, and putting it out there with their name attached to it — all in the interest of making the Snort community a better place.

So, thanks go to the following individuals:

Noah Dietrich
Yaser Mansour
Milad Rezaei

First, we have an updated guide to Snort 2.9.14.1 on CentOS. This guide should work fine for our recently posted 2.9.15.0 release, simply by changing "2.9.14.1" to "2.9.15" where appropriate.

Next, there's an updated guide to Snort 3 installation on CentOS 8. And we updated the guide to Snort 3 installation on Ubuntu 18 & 19.

As a reminder, our setup and installation guides can be found on Snort's documentation page under "Snort Setup Guides." While you are there, feel free to check out all the other documentation, such as Deployment Guides, startup scripts, and the official Snort manual.
Posted over 4 years ago by [email protected] (Joel Esler)
Today, we added Snort 2.9.15.0 to the family!

As always, available from our download site on Snort.org, this new version contains the following features:

New Additions
Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
Added support to detect new Korean file formats .egg and .alg in the file preprocessor.
Added support to detect new RAR file-type in the file preprocessor.

Improvements / Fix
Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
Fix to whitelist FTP data sessions when no file policy exists.
Fix RTF file magic to a more generic value to prevent evasions.
Added debug logs during HTTP reload.
Added rule SID check during validation.
Fix an issue where HTTP was processing non-HTTP traffic on port 443.
Added new debugs to print detection, file processing, and Prepro time consumption info and verdicts.

Any notes or feedback for us on Snort 2.9.15.0? Please shoot us a note over on the Snort-Users mailing list.
Posted over 4 years ago by [email protected] (Jon Munshaw)
The latest SNORT® rule release from Cisco Talos has arrived. This new round of rules provides coverage for all of the vulnerabilities covered in Microsoft Patch Tuesday.

For more details on the 60 vulnerabilities Microsoft disclosed this week, head to the Talos blog.

In all, this release includes 63 new rules, six modified rules and two new shared object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Microsoft Vulnerability CVE-2019-1060: A coding deficiency exists in MS XML that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51793 through 51794.

Microsoft Vulnerability CVE-2019-1238: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51791 through 51792.

Microsoft Vulnerability CVE-2019-1239: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51789 through 51790.

Microsoft Vulnerability CVE-2019-1307: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51787 through 51788.

Microsoft Vulnerability CVE-2019-1308: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51785 through 51786.

Microsoft Vulnerability CVE-2019-1333: A coding deficiency exists in Remote Desktop Client that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51741 through 51742.

Microsoft Vulnerability CVE-2019-1335: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51735 through 51736.

Microsoft Vulnerability CVE-2019-1341: A coding deficiency exists in Microsoft Windows Power Service that may lead to elevation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51781 through 51782.

Microsoft Vulnerability CVE-2019-1362: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51739 through 51740.

Microsoft Vulnerability CVE-2019-1364: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51733 through 51734.

Microsoft Vulnerability CVE-2019-1366: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 51783 through 51784.

Talos also has added and modified multiple rules in the browser-ie, file-other, file-pdf, indicator-compromise, indicator-scan, os-windows, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Posted over 4 years ago by [email protected] (Jon Munshaw)
Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 20 new rules, 30 modified rules and 11 new shared object rules.

Tuesday's release provides protection against the Moonshine attack, a recent campaign aimed at installing spyware onto Tibetan leaders' mobile devices.

Talos has added and modified multiple rules in the file-multimedia, file-other, malware-cnc, malware-other, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

We would like to highlight the rule below:

51672: This rule protects against the Moonshine attack, which researchers recently discovered being used in the wild. An APT known as "Poison Karp" used Moonshine to load spyware onto mobile devices belonging to members of the Tibetan government. The attack consists of a mixture of eight different vulnerabilities in the Android mobile operating system, but no zero-days. Researchers say the attackers targeted staffers of the Dalai Lama once in 2018, and then again in April and May of this year. Lilia Gonzalez Medina wrote this rule.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Posted over 4 years ago by [email protected] (Jon Munshaw)
Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 11 new rules, 12 modified rules and 27 new shared object rules.

Tuesday's release provides more protections for a line of D-Link routers that were recently found to contain serious vulnerabilities.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-other, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Posted over 4 years ago by [email protected] (Joel Esler)
It's time again for us to wind down certain versions of SNORTⓇ.

We currently support 36 different Open Source Operating System builds for the Snort Subscriber Rule Set. Each additional version of the OS and additional version of Snort that we have to support exponentially increases the amount of build — and, subsequently, QA — time required to create a version of the ruleset. To adjust this workload, we will be deprecating the following versions of Snort:

2.9.9.0
2.9.11.1
2.9.12.0

Using our regular 90-day notice policy, this means that those versions will deprecate on Dec. 18 later this year.

This will leave versions:

2.9.8.3
2.9.13.0
2.9.14.1
And the upcoming release of 2.9.15.0

If you are on 2.9.9.0, 2.9.11.1, or 2.9.12.0, we recommend you upgrade to 2.9.14.1 immediately.

We will be updating our EOL page on Snort.org soon to reflect this change as soon as we get a chance to push that live.

But, there is good news.

We are going to move to a more regular release schedule of about once a quarter. We will iron out the dates and details soon, at which time we'll let you know on the blog with an accompanying page on Snort.org. This will allow for more regular releases and easier deprecation of older releases.

If there are any concerns, please bring them to the Snort-Users mailing list.
Posted over 4 years ago by [email protected] (Jon Munshaw)
Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 24 new rules and four modified rules.

Thursday's release provides protections for HooToo's line of traveling wireless routers, as well as one D-Link router that could be compromised with a malicious HNAP1 request.

Talos has added and modified multiple rules in the deleted, file-office, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.
Posted over 4 years ago by [email protected] (Costas Kleopa)
An update has been released today for the Snort OpenAppID Detector content.

This release, build 326, includes a total of 2,880 detectors. It also includes some additional detectors that came in from the open source community. For more details on which contributions were included, we have added them in the AUTHORS file in this package.

Available now for download from our downloads page, we look forward to you downloading and using the new features of 2.9.14.1's OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID package is also compatible with our Snort 3.0 release.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.
Posted over 4 years ago by [email protected] (Jon Munshaw)
Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 22 new rules and 20 modified ones.

Tuesday's release provides coverage for several different malware variants. Several new rules prevent these samples from making outbound connections to their command and control (C2) servers.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, indicator-shellcode, malware-cnc, malware-other, os-windows, protocol-services, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. Make sure and stay up to date to catch the most emerging threats.