Threat Management changelog

- Changelog 2023.04.18

* Updated process for Malware Detection to avoid falsely discarding malicious files.
* 8 new WAF rules (1 zero-day, 5 CVE patches, 1 rule against RCE malware, 1 WP login-attempt rule):
- Rule ID: 406019 - Patching CVE-2023-0554 | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 406020 - Patching CVE-2022-0513 | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 406021 - Patching CVE-2022-3180 | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 406022 - Patching CVE-2022-45359 | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 406023 - Patching CVE-2022-45359 | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 406024 - Patching Zeroday WordPress Elementor Pro vulnerability | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 409001 - Antimalware rule against the RCE malware family | Enabled by default in all BitNinja recommended rulesets.
- Rule ID: 401006 - Special rule against false WP admin login attempts | Not enabled by default; can lead to some false positives, so please use with caution.
* 2 new log analysis rules:
- Rule ID: 80_1_23 - Against spambots
- Rule ID: 80_1_24 - Against Mozi.a/Mozi.m malware family
* 13 new YARA rules against several different malware families

- Changelog 2023.02.28

* Updated Whitelisted repositories.
* Changes to several OWASP WAF rules to drastically decrease false positives.
* Added signatures for several re-infecting malware.
* Researching spam protection rules.
* 5 new WAF rules (3 zero-day vulnerabilities, 2 "inspector" rules):
- Rule ID: 406016 - Patching [CVE-2023-23488] | Enabled by default in all BitNinja recommended rulesets
- Rule ID: 406017 - Patching [CVE-2023-23489] | Enabled by default in all BitNinja recommended rulesets
- Rule ID: 406018 - Patching [CVE-2023-23489] | Enabled by default in all BitNinja recommended rulesets
- Rule ID: 400115 - "Hidden inspector rule" that helps eliminate false positives by setting a variable if a user is logged in to the WordPress admin | Enabled by default, cannot be disabled.
- Rule ID: 400116 - "Hidden inspector rule" that helps eliminate false positives by inspecting payloads sent to xmlrpc.php to check whether they are a valid XML methodCall | Enabled by default, cannot be disabled.
* Drastically reduced the number of restored malware.