Cisco Talos Update for FireSIGHT Management Center

Date: 2020-01-30

This SRU number: 2020-01-30-001
Previous SRU number: 2020-01-28-001

Applies to:

This SEU number: 2118
Previous SEU: 2116

Applies to:

This is the complete list of rules added in SRU 2020-01-30-001 and SEU 2118.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Cisco Talos policy, Connectivity, Balanced, Security, and Maximum Detection.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
152981FILE-MULTIMEDIAWM Downloader malformed .m3u file buffer overflow attemptoffoffoffdrop
152982MALWARE-OTHERWin.Trojan.Hyperbro variant payload download attemptoffoffdropdrop
152983MALWARE-OTHERWin.Trojan.Hyperbro variant payload download attemptoffoffdropdrop
152984BROWSER-IEMicrosoft Internet Explorer improper copy buffer access information disclosure attemptoffoffoffdrop
152985BROWSER-IEMicrosoft Internet Explorer improper copy buffer access information disclosure attemptoffoffoffdrop
152986BROWSER-IEMicrosoft Edge scripting engine memory corruption attemptoffoffoffdrop
152987BROWSER-IEMicrosoft Edge scripting engine memory corruption attemptoffdropdropdrop
152988BROWSER-IEMicrosoft Edge scripting engine memory corruption attemptoffoffoffdrop
152989BROWSER-IEMicrosoft Edge scripting engine memory corruption attemptoffdropdropdrop
152990MALWARE-OTHERWin.Trojan.VBGeneric-7565256-0 download attemptoffoffdropdrop
152991BROWSER-OTHERMultiple products Content-Type HTTP header buffer overflow attemptoffoffoffdrop
152992MALWARE-OTHERWin.Trojan.Ponystealer-7564561-0 download attemptoffoffdropdrop
352993POLICY-OTHERCisco Small Business Series Switches admin settings page access detectedoffoffoffoff
352994POLICY-OTHERCisco Small Business Series Switches device configuration page access detectedoffoffoffoff
352995POLICY-OTHERCisco Small Business Series Switches device configuration page access detectedoffoffoffoff
352997SERVER-WEBAPPCisco Small Business Series Switches cross site scripting attemptoffoffdropdrop
152999MALWARE-OTHERWin.Packed.Agen-7564625-0 download attemptoffoffoffdrop
353000FILE-OTHERTRUFFLEHUNTER TALOS-2020-0983 attack attemptoffoffdropdrop
353001FILE-OTHERTRUFFLEHUNTER TALOS-2020-0983 attack attemptoffoffdropdrop
Medium Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.Max.
352996SERVER-WEBAPPCisco Small Business Series Switches information disclosure attemptoffoffdropdrop
352998SERVER-WEBAPPCisco Small Business Series Switches denial of service attemptoffoffdropdrop