[Emerging-updates] Daily Ruleset Update Summary 2015/01/13

Francis Trudeau ftrudeau at emergingthreats.net
Tue Jan 13 18:15:23 EST 2015


 [***] Summary: [***]

 26 new Pro sigs.  MS Patch Tuesday, Symposium WP Plugin File Upload,
IPMI vuln CVE-2014-8272.

 Thanks:  @kafeine and @EKWatcher.

 Check out more details on our Patch Tuesday signatures here:

 http://emergingthreats.net/january-2015-microsoft-patch-tuesday-coverage/

 [+++]          Added rules:          [+++]

 Pro:

  2809487 - ETPRO DOS MS Telnet Service DoS Vulnerability CVE-2015-0014 (dos.rules)
  2809488 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809489 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809490 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809491 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809492 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809493 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809494 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809495 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809496 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809497 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809498 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809499 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809500 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809501 - ETPRO DOS MS RADIUS DoS Vulnerability CVE-2015-0015 (dos.rules)
  2809502 - ETPRO ACTIVEX CTSWebProxy ActiveX sandbox escape (CVE-2015-0016) (activex.rules)
  2809503 - ETPRO ACTIVEX IMSTSWebProxy (CVE-2015-0016) 2 (activex.rules)
  2809504 - ETPRO ACTIVEX IMSTSWebProxy (CVE-2015-0016) 3 (activex.rules)
  2809505 - ETPRO ATTACK_RESPONSE MongoDB Database Enumeration Request (attack_response.rules)
  2809506 - ETPRO ATTACK_RESPONSE MongoDB Version Request (attack_response.rules)
  2809507 - ETPRO ATTACK_RESPONSE MongoDB Namespace Enumeration Request (attack_response.rules)
  2809508 - ETPRO TROJAN Unknown IRC Bot Nick in IRC (trojan.rules)
  2809509 - ETPRO MOBILE_MALWARE Android/AdDisplay.Frupi.A Checkin (mobile_malware.rules)
  2809510 - ETPRO WEB_SPECIFIC_APPS Symposium WP Plugin Arbitrary File Upload 2 (web_specific_apps.rules)
  2809511 - ETPRO TROJAN Win32/Spy.Zbot.ACB Checkin (trojan.rules)
  2809512 - ETPRO EXPLOIT Possible IPMI 1.5 Session-ID Exploit Attempt CVE-2014-8272 (exploit.rules)


 [///]     Modified active rules:     [///]

  2000488 - ET EXPLOIT MS-SQL SQL Injection closing string plus line comment (exploit.rules)
  2014726 - ET POLICY Outdated Windows Flash Version IE (policy.rules)
  2014727 - ET POLICY Outdated Mac Flash Version (policy.rules)
  2020148 - ET CURRENT_EVENTS MS Office Macro Dridex Download URI Jan 7 2015 (current_events.rules)
  2020159 - ET CURRENT_EVENTS Upatre Redirector Jan 9 2015 (current_events.rules)
  2020161 - ET CURRENT_EVENTS Upatre Firefox/Chrome Redirector Receiving Payload Jan 9 2015 (current_events.rules)
  2806655 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Winge.b Checkin (mobile_malware.rules)
  2809350 - ETPRO WEB_SPECIFIC_APPS Symposium WP Plugin Arbitrary File Upload (web_specific_apps.rules)
  2809363 - ETPRO TROJAN PhaseBot Checkin (trojan.rules)


 [---]         Removed rules:         [---]

  2806656 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Winge.b Checkin 2 (mobile_malware.rules)
  2808426 - ETPRO MOBILE_MALWARE Trojan-Clicker.AndroidOS.Winge.b Checkin 3 (mobile_malware.rules)

