Rule Update
16-020 (June 28, 2016)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool
NetBIOS Name Service
1007658 - Identified Too Many NBNS Response
1007700 - Identified WPAD NBNS Response From Suspicious Host
ODBC Server CitectSCADA
1002855* - CitectSCADA ODBC Server Remote Stack Buffer Overflow
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
Web Client Common
1007678 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007697 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-4140)
1007676 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-4136)
1007673 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4132)
1007674 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4133)
1007679 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4141)
1007687 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4150)
1007688 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4151)
1007689 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4152)
1007690 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4153)
1007691 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4154)
1007692 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4155)
1007693 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4156)
1007682 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4144)
1007686 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4149)
1007672 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4121)
1007680 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4142)
1007681 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4143)
1007683 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4146)
1007684 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4147)
1007685 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4148)
1007489* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)
Web Client Internet Explorer/Edge
1007652* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
Web Server Miscellaneous
1004007* - Adobe BlazeDS XML Injection And XML External Entity Injection Vulnerabilities
1007694 - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702 - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007701 - Apache Struts XSLTResult Remote Code Execution Vulnerability (CVE-2016-3082)
Windows Services RPC Client
1007695 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool
NetBIOS Name Service
1007658 - Identified Too Many NBNS Response
1007700 - Identified WPAD NBNS Response From Suspicious Host
ODBC Server CitectSCADA
1002855* - CitectSCADA ODBC Server Remote Stack Buffer Overflow
Suspicious Client Application Activity
1007578* - Ransomware CryptFile
Unix CVS
1000511* - CVS Annotate Command Long Revision String Buffer Overflow
Web Client Common
1007678 - Adobe Flash Player Buffer Overflow Vulnerability (CVE-2016-4138)
1007697 - Adobe Flash Player DLL Hijacking Vulnerability Over WebDAV (CVE-2016-4140)
1007676 - Adobe Flash Player Heap Overflow Vulnerability (CVE-2016-4136)
1007673 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4132)
1007674 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4133)
1007679 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4141)
1007687 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4150)
1007688 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4151)
1007689 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4152)
1007690 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4153)
1007691 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4154)
1007692 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4155)
1007693 - Adobe Flash Player Memory Corruption Vulnerability (CVE-2016-4156)
1007682 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4144)
1007686 - Adobe Flash Player Type Confusion Vulnerability (CVE-2016-4149)
1007672 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4121)
1007680 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4142)
1007681 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4143)
1007683 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4146)
1007684 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4147)
1007685 - Adobe Flash Player Use After Free Vulnerability (CVE-2016-4148)
1007489* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490* - Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)
Web Client Internet Explorer/Edge
1007652* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
Web Server Miscellaneous
1004007* - Adobe BlazeDS XML Injection And XML External Entity Injection Vulnerabilities
1007694 - Apache Struts REST Plugin DMI Remote Code Execution Vulnerability (CVE-2016-3087)
1007702 - Apache Struts REST Plugin Remote Code Execution Vulnerability (CVE-2016-4438)
1007701 - Apache Struts XSLTResult Remote Code Execution Vulnerability (CVE-2016-3082)
Windows Services RPC Client
1007695 - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002831* - Unix - Syslog
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more