Rule Update
21-039 (August 31, 2021)
Publish date: August 31, 2021
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1011105* - Identified File Deletion From SMB Share (ATT&CK T1070.004)
DNS Server
1011102 - PowerDNS Authoritative Server Denial of Service Vulnerability (CVE-2021-36754)
Java RMI
1011078* - Atlassian Jira and Jira Service Management Data Center Insecure Deserialization Vulnerability (CVE-2020-36239)
Remote Login Applications
1004364* - TeamViewer (ATT&CK T1219)
Web Application Common
1011108 - GitStack Remote Code Execution Vulnerability (CVE-2018-5955) - 1
1011101 - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)
1009310* - Microsoft Exchange Server SSRF Vulnerability (CVE-2018-16793)
1011103 - PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)
Web Client Common
1011049* - Google Chrome V8 Type Confusion Vulnerability (CVE-2021-30551)
1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)
Web Server Miscellaneous
1011099* - Jenkins 'Selenium HTML report' Plugin XML External Entity Injection Vulnerability (CVE-2021-21672)
Web Server Oracle
1011096* - Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2021-2394)
Integrity Monitoring Rules:
1002900* - Application - 3CDaemon
1002998* - Application - ARCserve Backup
1002851* - Application - Apache HTTP Server
1002853* - Application - Apache Tomcat
1003364* - Application - Exim
1003200* - Application - IBM DB2
1003077* - Application - IBM Lotus Domino
1003263* - Application - IBM Tivoli Directory Server
1003363* - Application - IPSwitch iMail
1003241* - Application - Ingres Database Server
1009060* - Application - Kubernetes Cluster master
1009434* - Application - Kubernetes Cluster node
1003039* - Application - MDaemon Email Server
1003040* - Application - MailEnable
1003092* - Application - Merak Mail Server
1003063* - Application - Microsoft Exchange
1002910* - Application - Microsoft IIS
1002999* - Application - Microsoft SQL Server
1003000* - Application - MySQL
1002914* - Application - NettermFTP
1003102* - Application - Novell eDirectory
1003090* - Application - Oracle Database Server
1003105* - Application - PostgreSQL
1003380* - Application - Squid Proxy
1003139* - Application - Sun ONE Application Server
1003142* - Application - Sun ONE Directory Server
1010055* - Application - Trend Micro ApexOne Server
1003019* - Application - Trend Micro Deep Security Agent / Relay
1003020* - Application - Trend Micro Deep Security Manager
1003744* - Application - Trend Micro OfficeScan Server
1003087* - Application - Trend Micro OfficeScan client
1003131* - Application - VMware Server
1002898* - Application - WS_FTP
1003403* - Application - WU-FTPD
1002849* - Application - WarFTPD
1003391* - Application - vsftpd
1011070* - Linux/Unix - SSH authorized_keys file modified - non-root users (ATT&CK T1563.001, T1021.004, T1098.004)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.