21-001 (January 5, 2021)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)


DCERPC Services - Client
1010594* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over SMB (CVE-2020-15999)


Web Application Common
1010663 - Bludit CMS Brute Force Bypass Vulnerability (CVE-2019-17240)
1010668 - FUEL CMS Remote Code Execution Vulnerability (CVE-2018-16763)


Web Application PHP Based
1010705 - WordPress 'Canto' Plugin Multiple Server-Side Request Forgery Vulnerabilities
1010683 - WordPress 'Ultimate Member' Plugin Multiple Privilege Escalation Vulnerabilities


Web Client Common
1010584* - Google Chrome FreeType Font File Buffer Overflow Vulnerability Over HTTP (CVE-2020-15999)
1010710 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2019-1244)
1010703 - Microsoft Windows DirectWrite Information Disclosure Vulnerability (CVE-2019-1245)


Web Server Apache
1010670* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2020-17530)


Web Server Common
1010173* - Cisco Data Center Network Manager REST API SQL Injection Vulnerability (CVE-2019-15984)
1010196* - Identified Suspicious .NET Serialized Object
1010687 - Oracle ADF Faces Deserialization of Untrusted Data Vulnerability (CVE-2019-2904)
1010697 - Trend Micro InterScan Messaging Security Virtual Appliance Widget Information Disclosure Vulnerability (CVE-2020-27019)


Web Server HTTPS
1010694* - Identified HTTP Backdoor.MSIL.Supernova.A Traffic Request


Zoho ManageEngine
1010698 - Zoho ManageEngine Applications Manager 'showMonitorGroupView' SQL Injection Vulnerability


Integrity Monitoring Rules:

1002776* - Microsoft Windows - Startup Programs Modified (ATT&CK T1112, T1060)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.