Rule Update

20-050 (September 29, 2020)


DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009703* - Identified Domain-Level Permission Groups Discovery Over SMB (ATT&CK T1069)


DNS Server
1010511 - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)


Directory Server LDAP
1010433* - Identified Remote System Discovery Over LDAP (ATT&CK T1018)


FTP Server Miscellaneous
1010531 - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)


Microsoft Office
1010525 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-1193)


NodeJS Debugging Protocol
1010497 - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)


Web Application Common
1010529 - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010334* - Telerik UI For ASP.NET AJAX Insecure Deserialization Vulnerability (CVE-2019-18935)


Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)


Web Server Common
1010498* - Nagios XI Authenticated Remote Command Execution Vulnerability (CVE-2019-15949)


Web Server HTTPS
1010535 - Anttispi Webshell C&C Traffic
1010534 - MuddyWater Download Request
1010524 - Ptrpmpx Webshell C&C Traffic
1010530 - Ptrpmpx Webshell C&C Traffic - 1


Web Server Miscellaneous
1010516* - Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2186)


Web Server Nagios
1010369 - Nagios XI 'utils-rrdexport.inc.php' Command Injection Vulnerability
1010504* - Nagios XI account 'main.php' Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)


Windows Services RPC Server DCERPC
1010539 - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.