Snort rule update for March 25, 2021

Cisco Talos released the newest rule update for SNORTⓇ this morning.

Thursday's release includes another new rule to protect against attacks from the Hafnium threat group that's been recently spotted exploiting zero-day vulnerabilities in Microsoft Exchange Server. 

There are also multiple rules to protect against the exploitation of several vulnerabilities Cisco recently disclosed in its IOS XE software. Cisco disclosed 15 vulnerabilities earlier this week, all of which are considered to be high-severity.

Here's a breakdown of today's rule release:

.tg {border-collapse:collapse;border-spacing:0;} .tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; overflow:hidden;padding:10px 5px;word-break:normal;} .tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px; font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;} .tg .tg-6p4y{border-color:#efefef;font-weight:bold;text-align:left;vertical-align:top} .tg .tg-li6d{border-color:#efefef;text-align:center;vertical-align:top}
Shared object rules Modified shared object rules New rules Modified rules
16 3 4 2

There were no changes made to the snort.conf in this release.
Talos' rule release:
Talos has added and modified multiple rules in the browser-other, malware-cnc, os-windows, protocol-tftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure and see our business pricing as well here. The Snort 3 release is also here after years of development and improvements. Upgrade here.