Ruleset Update Summary - 2023/12/08 - v10482

Summary:

7 new OPEN, 7 new PRO (7 + 0)

Added rules:

Open:

  • 2049623 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected M1 Version 4.x-7.x (web_specific_apps.rules)
  • 2049624 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected M2 Version 4.x-7.x (web_specific_apps.rules)
  • 2049625 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected Version 8.x M1 (web_specific_apps.rules)
  • 2049626 - ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected Version 8.x M2 (web_specific_apps.rules)
  • 2049627 - ET EXPLOIT Suspected WordPress Plugin Royal Elementor RCE (CVE-2023-5360) (exploit.rules)
  • 2049628 - ET MOBILE_MALWARE Fake Rocket Alerts App Sending Phone Information (POST) (mobile_malware.rules)
  • 2049629 - ET MALWARE Observed Malicious SSL Cert (Silver Keylogger) (malware.rules)

Disabled and modified rules:

  • 2048501 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (configuratorpro .com) (exploit_kit.rules)
  • 2048502 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (antiqueglossary .com) (exploit_kit.rules)
  • 2048503 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (configuratorpro .com) (exploit_kit.rules)
  • 2048504 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (antiqueglossary .com) (exploit_kit.rules)