Rule Update
19-042 (August 13, 2019)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Database PostgreSQL
1009865 - PostgreSQL Database Password Change Stack Buffer Overflow Vulnerability (CVE-2019-10164)
Microsoft Office
1009909 - Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201)
Web Client Internet Explorer/Edge
1009904 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1139)
1009905 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1140)
1009906 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1141)
1009907 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1195)
1009903 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1196)
1009908 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1197)
Web Server Oracle
1009345 - Oracle WebLogic Server Java Deserialization Remote Code Execution Vulnerability
Windows SMB Server
1009511* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)
Integrity Monitoring Rules:
1009622* - .bash_profile and .bashrc (ATT&CK T1156)
1009629* - AppCert DLLs (ATT&CK T1182)
1009628* - AppInit DLLs (ATT&CK T1103)
1009639* - Application Shimming (ATT&CK T1138)
1009643* - Clear Command History (ATT&CK T1146)
1009895 - Component Object Model Hijacking (ATT&CK T1122, T1112)
1009710* - Install Root Certificate (ATT&CK T1130)
1009745* - Linux - Removable Devices Detected (ATT&CK T1092)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK T1131,T1174)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050,T1036)
1005645* - Microsoft Windows - AutoRun Registry Entries Modified (ATT&CK T1013)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1013)
1008257* - Microsoft Windows - USB Storage Device Detected (ATT&CK T1092)
1009638* - NetSh Helper DLL (ATT&CK T1128)
1009704* - Port Monitor (ATT&CK T1013)
1009618* - PowerShell & CommandLine (ATT&CK T1086,T1059)
1009670* - Service Registry Permissions Weakness (ATT&CK T1058)
1006076* - Task Scheduler Entries Modified (ATT&CK T1168)
1009672* - Time Providers (ATT&CK T1209)
1009626* - Windows Accessibility Features - ImageFileExecution (ATT&CK T1015,T1183)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Database PostgreSQL
1009865 - PostgreSQL Database Password Change Stack Buffer Overflow Vulnerability (CVE-2019-10164)
Microsoft Office
1009909 - Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201)
Web Client Internet Explorer/Edge
1009904 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1139)
1009905 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1140)
1009906 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1141)
1009907 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1195)
1009903 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1196)
1009908 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1197)
Web Server Oracle
1009345 - Oracle WebLogic Server Java Deserialization Remote Code Execution Vulnerability
Windows SMB Server
1009511* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)
Integrity Monitoring Rules:
1009622* - .bash_profile and .bashrc (ATT&CK T1156)
1009629* - AppCert DLLs (ATT&CK T1182)
1009628* - AppInit DLLs (ATT&CK T1103)
1009639* - Application Shimming (ATT&CK T1138)
1009643* - Clear Command History (ATT&CK T1146)
1009895 - Component Object Model Hijacking (ATT&CK T1122, T1112)
1009710* - Install Root Certificate (ATT&CK T1130)
1009745* - Linux - Removable Devices Detected (ATT&CK T1092)
1002859* - Local Security Authority (LSA) Notification/Authentication Packages modified (ATT&CK T1131,T1174)
1002781* - Microsoft Windows - Attributes of a service modified (ATT&CK T1050,T1036)
1005645* - Microsoft Windows - AutoRun Registry Entries Modified (ATT&CK T1013)
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1013)
1008257* - Microsoft Windows - USB Storage Device Detected (ATT&CK T1092)
1009638* - NetSh Helper DLL (ATT&CK T1128)
1009704* - Port Monitor (ATT&CK T1013)
1009618* - PowerShell & CommandLine (ATT&CK T1086,T1059)
1009670* - Service Registry Permissions Weakness (ATT&CK T1058)
1006076* - Task Scheduler Entries Modified (ATT&CK T1168)
1009672* - Time Providers (ATT&CK T1209)
1009626* - Windows Accessibility Features - ImageFileExecution (ATT&CK T1015,T1183)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more