News

Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Just released: Snort Subscriber Rule Set Update for April 16, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 39 new rules, 12 of which are shared object rules. There are also three modified rules, none of which are shared object rules.

This release provides coverage for a zero-day vulnerability in Microsoft Internet Explorer. This bug could allow an attacker to steal files from a user's machine, even if they are not actively using the web browser.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-java, file-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats.
Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Are you a high school student planning on acquiring a college technology degree? Let Snort help you get there.

The Snort Scholarship program is back this year, and once again, we are awarding two $10,000 scholarships to two individuals attending an accredited college or university in the 2019-2020 academic year.

You can apply for the scholarship here.

To be eligible for the scholarship, you must:
- Have or be eligible to receive your high school diploma or an equivalent in 2019 as of the date Cisco receives your application.
- Provide reasonable evidence to Cisco that you are seeking a degree in computer science, information technology, computer networking, cybersecurity or a similarly related field of study from a school located in the U.S. or a U.S. territory.

To apply for the scholarship, you must answer a series of short essay questions, which will be our main basis for how we select the winners. You must submit your application by May 15, 2019.

For more information about contest rules, eligibility requirements, or to complete a submission, visit our Snort Scholarship page.
Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Just released: Snort Subscriber Rule Set Update for April 11, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 33 new rules, two of which are shared object rules. There are also seven modified rules.

In addition to our new rules today, we also have a new version of Snort: 2.9.13.0. Here's a roundup of the new improvements and features.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Yuzo Related Posts Zero-Day Vulnerability: A coding deficiency exists in the Yuzo Related Posts plugin of WordPress that may lead to cross-site scripting. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SIDs 49795 through 49796.

Talos has added and modified multiple rules in the browser-ie, file-office, file-other, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats.
Posted over 6 years ago by [email protected] (Joel Esler)
Please join us as we welcome SNORTⓇ 2.9.13.0 to the family.

The release notes for the newest version are below:

New Additions
- Snort now supports reload on snort rules update.
- Addition of a scenario to add a packet to blacklist verdict to ensure the new session will be allowed.
- Handled a new pre-processor alert in case of the improper end of the HTTP header.

Improvements
- Modified the calculation of file hash for FTP/HTTP with offset values.
- Fixed portal authentication connection stuck in half closed state.
- Updated UDP global timeout for a non-standard port.

This release also patched the following two vulnerabilities:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort

As always, we welcome feedback and community participation in Snort on the snort-users mailing list.
Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Just released: Snort Subscriber Rule Set Update for April 9, 2019

The newest SNORTⓇ rule set is here from Cisco Talos. In this release, we introduced 80 new rules, eight of which are shared object rules. There are also 10 modified rules.

This release covers Microsoft Patch Tuesday, which included fixes for 74 vulnerabilities. You can read more about the bugs that Microsoft disclosed over at the Talos blog.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Microsoft Vulnerability CVE-2019-0685: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49688 through 49689.

Microsoft Vulnerability CVE-2019-0730: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49692 through 49693.

Microsoft Vulnerability CVE-2019-0731: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49696 through 49697.

Microsoft Vulnerability CVE-2019-0732: A coding deficiency exists in Microsoft Windows that may lead to a security feature bypass. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49704 through 49705.

Microsoft Vulnerability CVE-2019-0735: A coding deficiency exists in Microsoft Windows CSRSS that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49694 through 49695.

Microsoft Vulnerability CVE-2019-0752: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49702 through 49703.

Microsoft Vulnerability CVE-2019-0753: A coding deficiency exists in Microsoft Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49708 through 49709.

Microsoft Vulnerability CVE-2019-0793: A coding deficiency exists in MS XML that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-0794: A coding deficiency exists in OLE Automation that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 46548 through 46549.

Microsoft Vulnerability CVE-2019-0796: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49718 through 49719.

Microsoft Vulnerability CVE-2019-0801: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49727 through 49745.

Microsoft Vulnerability CVE-2019-0803: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49712 through 49713.

Microsoft Vulnerability CVE-2019-0805: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49748 through 49749.

Microsoft Vulnerability CVE-2019-0806: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49716 through 49717.

Microsoft Vulnerability CVE-2019-0810: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49710 through 49711.

Microsoft Vulnerability CVE-2019-0812: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49698 through 49699.

Microsoft Vulnerability CVE-2019-0814: A coding deficiency exists in Microsoft Win32k that may lead to information disclosure. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 45632 and 45635.

Microsoft Vulnerability CVE-2019-0822: A coding deficiency exists in Microsoft Graphics that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49700 through 49701.

Microsoft Vulnerability CVE-2019-0829: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49722 through 49723.

Microsoft Vulnerability CVE-2019-0836: A coding deficiency exists in Microsoft Windows that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49720 through 49721.

Microsoft Vulnerability CVE-2019-0840: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49750 through 49751.

Microsoft Vulnerability CVE-2019-0844: A coding deficiency exists in Microsoft Windows Kernel that may lead to information disclosure. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49754 through 49755.

Microsoft Vulnerability CVE-2019-0859: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49746 through 49747.

Microsoft Vulnerability CVE-2019-0860: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49706 through 49707.

Microsoft Vulnerability CVE-2019-0861: A coding deficiency exists in Microsoft Chakra Scripting Engine that may lead to remote code execution. Previously released rules will detect attacks targeting these vulnerabilities and have been updated with the appropriate reference information. They are also included in this release and are identified with GID 1, SIDs 49380 through 49381.

Microsoft Vulnerability CVE-2019-0862: A coding deficiency exists in Microsoft Windows VBScript Engine that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 49752 through 49753.

Talos also has added and modified multiple rules in the browser-ie, browser-plugins, file-executable, file-office, file-pdf, indicator-shellcode, malware-cnc, os-linux, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats.
Posted over 6 years ago by [email protected] (Costas Kleopa)
We recently released an update to the Snort OpenAppID Detector content.

This release, build 319, includes a total of 2,836 detectors, as well as some additional detectors that came in from the open-source community. For more details on which contributions we included, we have added them to the "Authors" file in this package.

The update is available for download now from our downloads page. We look forward to you downloading and using the new features of 2.9.12.0's OpenAppID preprocessor and sharing your experiences with the community. The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.
Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Just released: Snort Subscriber Rule Set Update for April 4, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 23 new rules and five modified rules, none of which are shared object rules.

This release provides new coverage for the Rietspoof malware discovered earlier this year. The trojan has been spread via instant messages on the Skype video chat platform.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the file-flash, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats.
Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Just released: Snort Subscriber Rule Set Update for April 2, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 33 new rules, three of which are shared object rules. There are also three modified rules and four modified shared object rules.

This release provides coverage for a bug in Huawei's PCManager software that could allow an attacker to bypass security protections in the Windows kernel. There's also a new rule to protect the RV series of Cisco routers, which have been under attack for several months.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-other, file-pdf, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats.
Posted over 6 years ago by [email protected] (Jonathan Munshaw)
Just released: Snort Subscriber Rule Set Update for March 28, 2019

Cisco Talos just released the newest SNORT® rule set. This release includes 29 new rules, 15 of which are shared object rules. There are also 1,396 modified rules.

The bulk of these modified rules simply add references for the MITRE ATT&CK framework. The MITRE ATT&CK Framework is described in this wiki, which provides a thorough overview of all known attack techniques that currently are or have been employed by adversaries in the wild. Each documented technique is accompanied by explanations, examples, detection recommendations, and the related actor(s) that have employed the technique. Talos has added these additional references in the SIDs to provide attack context information for our customers, and to support integration with other systems or reporting requirements.

This release provides coverage for several vulnerabilities Cisco disclosed this week in IOS XE. These bugs could allow an attacker to gain access to sensitive configuration information on many of Cisco's small and home office (SOHO) routers.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, netbios, os-mobile, os-other, os-solaris, os-windows, policy-other, policy-social, policy-spam, protocol-ftp, protocol-imap, protocol-other, protocol-pop, protocol-rpc, protocol-scada, protocol-snmp, protocol-telnet, protocol-voip, pua-adware, server-apache, server-iis, server-mail, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

We would also like to acknowledge Yasser for their contributions to Snort rules 49592 - 49595.

You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well. Make sure to stay up to date to catch the most emerging threats.
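The release posts above announce coverage as GID/SID ranges tied to a CVE (the April 9 post) and describe modified rules that only gain reference options (the March 28 post). The Python below is an added example, not Snort or Talos code: it parses a rule file and checks that each announced SID is present, enabled, and carries the matching reference:cve option. The rule text is constructed (real Snort 2.x option syntax, hypothetical detection content), and ANNOUNCED takes three of the CVE/SID pairs from the April 9 post.

```python
import re

# CVE -> SIDs announced in the April 9, 2019 post (all GID 1). "SIDs 45632
# and 45635" names two SIDs, not a range, so tuples are used throughout.
ANNOUNCED = {"2019-0685": (49688, 49689), "2019-0730": (49692, 49693),
             "2019-0814": (45632, 45635)}

# Constructed rule file: genuine Snort 2.x syntax, hypothetical detection content.
# It exercises three deployment problems: 49692 is split by a backslash
# continuation, 49693 is commented out, and 45635 lacks its CVE reference.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OS-WINDOWS Win32k EoP attempt"; flow:to_client,established; file_data; content:"|00 01|"; reference:cve,2019-0685; classtype:attempted-admin; sid:49688; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OS-WINDOWS Win32k EoP attempt"; flow:to_client,established; file_data; content:"|00 02|"; reference:cve,2019-0685; classtype:attempted-admin; sid:49689; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS EoP attempt\; variant"; flow:to_server,established; \
    content:"|FF|SMB"; reference:cve,2019-0730; classtype:attempted-admin; sid:49692; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS EoP attempt"; flow:to_server,established; content:"|FF|SMB"; reference:cve,2019-0730; classtype:attempted-admin; sid:49693; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OS-WINDOWS Win32k info leak"; flow:to_client,established; reference:cve,2019-0814; classtype:attempted-recon; sid:45632; rev:4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"OS-WINDOWS Win32k info leak"; flow:to_client,established; classtype:attempted-recon; sid:45635; rev:3;)
'''
# key:value; options inside the rule body; quoted values may contain escaped ';'.
OPTION_RE = re.compile(r'(\w+)\s*:\s*((?:"(?:[^"\\]|\\.)*"|[^;"])*)\s*;')
RULE_RE = re.compile(r'(\w+)\s+[^(]*\((.*)\)\s*$')  # action, header, (options)

def parse_rules(text):
    """Return {(gid, sid): info}; '#'-disabled rules are kept and flagged, gid defaults to 1."""
    rules = {}
    for line in re.sub(r'\\\n\s*', ' ', text).splitlines():  # join continuations
        m = RULE_RE.match(line.strip().lstrip('# '))
        if not m:
            continue  # blank line, plain comment, variable or include
        opts = {}
        for key, val in OPTION_RE.findall(m.group(2)):
            opts.setdefault(key, []).append(val.strip('"'))
        if 'sid' not in opts:
            continue
        ident = (int(opts.get('gid', ['1'])[0]), int(opts['sid'][0]))
        rules[ident] = {'references': {tuple(r.split(',', 1)) for r in opts.get('reference', [])},
                        'disabled': line.lstrip().startswith('#')}
    return rules

def check_coverage(rules, announced, gid=1):
    """Report announced SIDs that are missing, disabled, or present without the
    matching 'reference:cve,...' option; CVEs with no problem are omitted."""
    problems = {}
    for cve, sids in announced.items():
        found = {'missing': [], 'disabled': [], 'unreferenced': []}
        for sid in sids:
            rule = rules.get((gid, sid))
            if rule is None:
                found['missing'].append(sid)
            elif rule['disabled']:
                found['disabled'].append(sid)
            elif ('cve', cve) not in rule['references']:
                found['unreferenced'].append(sid)
        if any(found.values()):
            problems[cve] = {k: v for k, v in found.items() if v}
    return problems

if __name__ == '__main__':
    print(check_coverage(parse_rules(SAMPLE_RULES), ANNOUNCED))
```

Run against a real rules file, the same check flags SIDs that a local rule manager disabled or that never arrived, which is a cheap sanity check after each Subscriber Rule Set update.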