Talos Rules 2024-04-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-office, malware-cnc, os-windows, policy-other, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:21:45 UTC

Snort Subscriber Rules Update

Date: 2024-04-30

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:63345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection (malware-cnc.rules)
 * 1:63332 <-> DISABLED <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt (server-webapp.rules)
 * 1:63348 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63347 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
 * 1:63331 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt (server-other.rules)
 * 1:63344 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63346 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt (os-windows.rules)
 * 1:63343 <-> DISABLED <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt (server-webapp.rules)
 * 1:63333 <-> DISABLED <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt (server-webapp.rules)
 * 1:63349 <-> DISABLED <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt (server-samba.rules)
 * 1:63334 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63335 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63336 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63337 <-> DISABLED <-> SERVER-WEBAPP Progress Flowmon command injection attempt (server-webapp.rules)
 * 1:63338 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63339 <-> DISABLED <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt (server-webapp.rules)
 * 1:63340 <-> DISABLED <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt (os-windows.rules)
 * 1:63341 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 1:63342 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
 * 3:63350 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:59657 <-> DISABLED <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt (policy-other.rules)

2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:25 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:26 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:26 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:26 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:26 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt


2024-04-30 12:24:26 UTC

Snort Subscriber Rules Update

Date: 2024-04-29-002

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300894 <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt
* 1:300895 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:63331 <-> SERVER-OTHER OpenSSL ssl23_get_client_hello denial of service attempt
* 1:63332 <-> SERVER-WEBAPP Zabbix Frontend authentication bypass attempt
* 1:63333 <-> SERVER-WEBAPP OpenMetadata authentication bypass attempt
* 1:63334 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63335 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63336 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63337 <-> SERVER-WEBAPP Progress Flowmon command injection attempt
* 1:63338 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63339 <-> SERVER-WEBAPP CrushFTP arbitrary file read attempt
* 1:63340 <-> OS-WINDOWS Active Directory integrated DNS memory underflow attempt
* 1:63343 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63344 <-> SERVER-WEBAPP Xiph Icecast Server auth_url buffer overflow attempt
* 1:63345 <-> MALWARE-CNC Win.Trojan.Agent CNC outbound connection
* 1:63346 <-> OS-WINDOWS Microsoft Windows SMBv1 denial-of-service attempt
* 1:63349 <-> SERVER-SAMBA Samba smbd infinite allocation loop denial of service attempt
* 3:63350 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1978 attack attempt

Modified Rules:

* 1:35668 <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt
* 1:59657 <-> POLICY-OTHER Red Hat 389 Directory Server Server-Side-Sort denial of service attempt