VRT Advisories



VRT Rules 2014-02-14

Sourcefire VRT Rules Update

Date: 2014-02-14

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-pdf, indicator-compromise, malware-cnc, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.

About the VRT:

The Sourcefire VRT is a group of leading-edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.


Posted by on Feb 14, 2014



VRT Rules 2014-02-13

Sourcefire VRT Rules Update

Date: 2014-02-13

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-chrome, browser-ie, browser-other, browser-plugins, deleted, dos, file-other, indicator-obfuscation, malware-cnc, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Posted by on Feb 13, 2014



VRT Rules 2014-02-11

Sourcefire VRT Rules Update

Date: 2014-02-11

Synopsis:

The Sourcefire VRT is aware of vulnerabilities affecting products from Microsoft Corporation.

Details:

Microsoft Security Bulletin MS14-005:
Programming errors exist in Microsoft XML Core Services (MSXML) that could lead to information disclosure.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 29680 through 29705.

Microsoft Security Bulletin MS14-006:
A coding deficiency in IPv6 could lead to a Denial of Service (DoS).

Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 23178 and 24296.

Microsoft Security Bulletin MS14-007:
A coding deficiency exists in Direct2D that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 29713 through 29714.

Microsoft Security Bulletin MS14-009:
Programming errors in the .NET Framework may lead to an escalation of privilege.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 29715.

Microsoft Security Bulletin MS14-010:
Internet Explorer suffers from programming errors that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 29655, 29667 through 29668, 29671 through 29674, 29676 through 29679, 29706 through 29712, 29716 through 29722, 29727 through 29738, and 29741 through 29744.

Microsoft Security Bulletin MS14-011:
A coding deficiency exists in the VBScript Scripting Engine that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 29675.

The Sourcefire VRT has also added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit-kit, file-flash, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-other, protocol-icmp, server-apache, server-iis and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Posted by on Feb 11, 2014



VRT Rules 2014-02-06

Sourcefire VRT Rules Update

Date: 2014-02-06

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-plugins, browser-webkit, file-flash, file-identify, file-image, file-other, file-pdf, malware-cnc, netbios, protocol-icmp, protocol-scada, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Posted by on Feb 06, 2014



VRT Rules 2014-02-04

Sourcefire VRT Rules Update

Date: 2014-02-04

Synopsis:

This release adds and modifies rules in several categories.

Details:

The Sourcefire VRT has added and modified multiple rules in the bad-traffic, blacklist, browser-chrome, browser-firefox, browser-ie, browser-plugins, browser-webkit, dos, exploit-kit, file-flash, file-java, file-multimedia, file-other, indicator-obfuscation, malware-cnc, netbios, os-windows, protocol-imap, protocol-scada, scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Posted by on Feb 04, 2014


