Rule Update
20-050 (29 settembre 2020)
Descrizione
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009703* - Identified Domain-Level Permission Groups Discovery Over SMB (ATT&CK T1069)
DNS Server
1010511 - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)
Directory Server LDAP
1010433* - Identified Remote System Discovery Over LDAP (ATT&CK T1018)
FTP Server Miscellaneous
1010531 - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)
Microsoft Office
1010525 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-1193)
NodeJS Debugging Protocol
1010497 - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)
Web Application Common
1010529 - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010334* - Telerik UI For ASP.NET AJAX Insecure Deserialization Vulnerability (CVE-2019-18935)
Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1010498* - Nagios XI Authenticated Remote Command Execution Vulnerability (CVE-2019-15949)
Web Server HTTPS
1010535 - Anttispi Webshell C&C Traffic
1010534 - MuddyWater Download Request
1010524 - Ptrpmpx Webshell C&C Traffic
1010530 - Ptrpmpx Webshell C&C Traffic - 1
Web Server Miscellaneous
1010516* - Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2186)
Web Server Nagios
1010369 - Nagios XI 'utils-rrdexport.inc.php' Command Injection Vulnerability
1010504* - Nagios XI account 'main.php' Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
Windows Services RPC Server DCERPC
1010539 - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1009703* - Identified Domain-Level Permission Groups Discovery Over SMB (ATT&CK T1069)
DNS Server
1010511 - ISC BIND TCP Receive Buffer Length Assertion Denial Of Service Vulnerability (CVE-2020-8620)
Directory Server LDAP
1010433* - Identified Remote System Discovery Over LDAP (ATT&CK T1018)
FTP Server Miscellaneous
1010531 - Vesta Control Panel Authenticated Remote Code Execution Vulnerability (CVE-2020-10808)
Microsoft Office
1010525 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-1193)
NodeJS Debugging Protocol
1010497 - NodeJS Debugger Usage Attempt Vulnerability (CVE-2018-12120)
Web Application Common
1010529 - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1010334* - Telerik UI For ASP.NET AJAX Insecure Deserialization Vulnerability (CVE-2019-18935)
Web Server Apache
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)
Web Server Common
1010498* - Nagios XI Authenticated Remote Command Execution Vulnerability (CVE-2019-15949)
Web Server HTTPS
1010535 - Anttispi Webshell C&C Traffic
1010534 - MuddyWater Download Request
1010524 - Ptrpmpx Webshell C&C Traffic
1010530 - Ptrpmpx Webshell C&C Traffic - 1
Web Server Miscellaneous
1010516* - Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-2186)
Web Server Nagios
1010369 - Nagios XI 'utils-rrdexport.inc.php' Command Injection Vulnerability
1010504* - Nagios XI account 'main.php' Stored Cross-Site Scripting Vulnerability (CVE-2020-10821)
Windows Services RPC Server DCERPC
1010539 - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.