Cisco Talos released the newest SNORTⓇ ruleset this morning.
Tuesday's rule update includes new rules to protect against the
"Victory" backdoor recently used by a
state-sponsored APT as part of a surveillance operation. There are
also new rules associated with the same attack that block an RTF
file the attackers use with the RoyalRoad weaponizer.
Talos also released coverage for a recently disclosed
vulnerability in Cisco's Adaptive Security Appliance that is being
exploited in the wild.
There were no changes made to the snort.conf in this release.
Talos' rule release:
Talos has added and modified multiple rules in the browser-chrome,
exploit-kit, malware-cnc and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
You can subscribe to Talos' newest rule detection
functionality for as little as $29 a year with a personal account. Be
sure to see our business pricing as well here.
The Snort 3 release is also here after years of
development and improvements. Upgrade here.