Snort rule update for March 16, 2021
The newest SNORTⓇ rule release arrived this morning, courtesy of
Cisco Talos.
Tuesday's release includes a new rule protecting against the
exploitation of the critical vulnerabilities in F5 BIG-IP and
BIG-IQ. An adversary could exploit these vulnerabilities, which
F5 disclosed last week, to take complete
control of affected systems to execute malicious code, disable
services and create or delete files, among other malicious
actions.
The new Snort rule detects when attackers try to inject
arbitrary commands via the iControl REST interface.
Here's a breakdown of today's rule release:
| Shared object rules | Modified shared object rules | New rules | Modified rules |
|---|---|---|---|
| 8 | 0 | 1 | 1 |
There were no changes made to the snort.conf in this release.
Talos' rule release:
Talos has added and modified multiple rules in the file-pdf and
server-webapp rule sets to provide coverage for emerging threats
from these technologies.
You can subscribe to Talos' newest rule detection
functionality for as low as $29 a year with a personal account. Be
sure to see our business pricing as well
here. The Snort 3 release is also here after years of
development and improvements. Upgrade
here.