Rule Update
20-056 (November 3, 2020)
Publish date: November 03, 2020
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DNS Server
1010577* - ISC BIND TSIG Authentication Bypass Vulnerability (CVE-2017-3143)
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
Suspicious Client Ransomware Activity
1010597 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)
Web Client Common
1010520 - FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-9547 & CVE-2020-9548)
1010584* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over HTTP (CVE-2020-15999)
1009823* - Microsoft Windows ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888)
1010505* - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-1074)
Web Client Internet Explorer/Edge
1009570* - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
Web Server Common
1010578* - MobileIron MDM Remote Code Execution Vulnerability (CVE-2020-15505)
1010560* - Yaws Web Server XML External Entity Injection Vulnerability (CVE-2020-24379)
Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
Web Server Oracle
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
Web Server SharePoint
1010573* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-16952)
Zoho ManageEngine
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010558 - Auditd - Mitre ATT&CK TA0005: Defense Evasion
1010582 - Auditd - Mitre ATT&CK TA0008: Lateral Movement
Deep Packet Inspection Rules:
DNS Server
1010577* - ISC BIND TSIG Authentication Bypass Vulnerability (CVE-2017-3143)
IBM WebSphere Application Server
1010343* - IBM WebSphere UploadFileArgument Deserialization Vulnerability (CVE-2020-4448)
Suspicious Client Ransomware Activity
1010597 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (Office 365 Calendar Profile)
1010596 - Identified HTTP Cobalt Strike Malleable C&C Traffic Response (YouTube Profile)
Web Client Common
1010520 - FasterXML jackson-databind Remote Code Execution Vulnerability (CVE-2020-9547 & CVE-2020-9548)
1010584* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over HTTP (CVE-2020-15999)
1009823* - Microsoft Windows ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888)
1010505* - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-1074)
Web Client Internet Explorer/Edge
1009570* - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
Web Server Common
1010578* - MobileIron MDM Remote Code Execution Vulnerability (CVE-2020-15505)
1010560* - Yaws Web Server XML External Entity Injection Vulnerability (CVE-2020-24379)
Web Server HTTPS
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
Web Server Miscellaneous
1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
Web Server Oracle
1010447* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14645)
Web Server SharePoint
1010573* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2020-16952)
Zoho ManageEngine
1010563* - Zoho ManageEngine Applications Manager Arbitrary File Upload Vulnerability (CVE-2020-14008)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010558 - Auditd - Mitre ATT&CK TA0005: Defense Evasion
1010582 - Auditd - Mitre ATT&CK TA0008: Lateral Movement
Featured Stories
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
- Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more