Rule Update
16-001 (January 12, 2016)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Application Control For Web Browser
1002996* - Application Control For Google Chrome Web Browser
DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Microsoft Office
1007374 - Microsoft Office ASLR Bypass Vulnerability (CVE-2016-0012)
1007373 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0010)
1007375 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0035)
OpenSSL
1007328 - OpenSSL Certificate Missing PSS Parameter Denial Of Service Vulnerability (CVE-2015-3194)
SSL/TLS Server
1007379 - SLOTH - Security Losses From Obsolete And Truncated Transcript Hashes Attack On TLS Server
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Client Common
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1004715* - HTTP Web Client Decoding
1006073* - Heuristic Detection Of Malicious PDF Documents - 6
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006882* - Identified Suspicious Obfuscated JavaScript - 4
1007368 - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007364 - Microsoft Windows ASLR Bypass Vulnerability (CVE-2016-0008)
1007370 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007062 - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)
Web Client Internet Explorer/Edge
1007372 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
1007378 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0024)
1007229* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007244* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007363 - Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability (CVE-2016-0005)
1007362 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002)
1007366 - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)
Web Server RealVNC
1006884* - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)
Windows Services RPC Client
1007369 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
Integrity Monitoring Rules:
1003533* - Application - OpenSSH
1003354* - Mail Server - Sendmail
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Application Control For Web Browser
1002996* - Application Control For Google Chrome Web Browser
DNS Client
1007297* - Microsoft Windows DNS Use After Free Vulnerability (CVE-2015-6125)
Microsoft Office
1007374 - Microsoft Office ASLR Bypass Vulnerability (CVE-2016-0012)
1007373 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0010)
1007375 - Microsoft Office Memory Corruption Vulnerability (CVE-2016-0035)
OpenSSL
1007328 - OpenSSL Certificate Missing PSS Parameter Denial Of Service Vulnerability (CVE-2015-3194)
SSL/TLS Server
1007379 - SLOTH - Security Losses From Obsolete And Truncated Transcript Hashes Attack On TLS Server
Web Application Common
1007170* - Identified Suspicious China Chopper Webshell Communication
Web Client Common
1006977* - Adobe Flash Player Use After Free Vulnerability (CVE-2015-5557)
1004715* - HTTP Web Client Decoding
1006073* - Heuristic Detection Of Malicious PDF Documents - 6
1007119* - Identified Malicious Adobe Flash SWF File - 2
1006882* - Identified Suspicious Obfuscated JavaScript - 4
1007368 - Microsoft DirectShow Heap Corruption Vulnerability (CVE-2016-0015)
1007364 - Microsoft Windows ASLR Bypass Vulnerability (CVE-2016-0008)
1007370 - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-007)
1007062 - Mozilla Firefox Arbitrary JavaScript Execution Vulnerability (CVE-2015-0802)
Web Client Internet Explorer/Edge
1007372 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0003)
1007378 - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0024)
1007229* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007244* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007363 - Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability (CVE-2016-0005)
1007362 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0002)
1007366 - Microsoft Silverlight Runtime Remote Code Execution Vulnerability (CVE-2016-0034)
Web Server RealVNC
1006884* - libvncserver Denial Of Service Vulnerability (CVE-2014-6054)
Windows Services RPC Client
1007369 - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
Integrity Monitoring Rules:
1003533* - Application - OpenSSH
1003354* - Mail Server - Sendmail
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more