20-060 (December 1, 2020)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services - Client
1010585 - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client


Directory Server LDAP
1010640* - Identified Remote Account Discovery Over LDAP (ATT&CK T1087)
1010433* - Identified Remote System Discovery Over LDAP (ATT&CK T1018)


Java RMI
1010579* - Adobe ColdFusion 'DataServicesCFProxy ROME' Framework Insecure Deserialization Vulnerability (CVE-2018-4939)


NFS Server
1010605* - Microsoft Windows Network File System NLM RPC Message Information Disclosure Vulnerability (CVE-2020-17056)


Suspicious Server Application Activity
1010644 - Identified HTTP Trojan-Downloader.Shell.Lightbot.A C&C Traffic Request


Web Application Common
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003030)


Web Server Common
1010630* - Trend Micro InterScan Web Security Virtual Appliance Command Injection Vulnerability (CVE-2020-8605)


Web Server Oracle
1010625* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14825)
1010587* - Oracle WebLogic Server IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-14841)
1010624* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14825)
1010588* - Oracle WebLogic Server T3 Protocol Remote Code Execution Vulnerability (CVE-2020-14859)


Zoho ManageEngine
1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010141* - Microsoft Windows - Export Certificate and Private Key