Skip to main content

Threat Management changelog

- Changelog 2023.04.18

    * Updated process for Malware Detection to avoid falsely discarding malicious files.
    * 8 new WAF rules. (1 Zeroday, 5 CVE patches, 1 rule against RCE malware, 1 WP login attempt rule)
                - Rule ID: 406019 - Patching CVE-2023-0554 | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 406020 - Patching CVE-2022-0513 | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 406021 - Patching CVE-2022-3180 | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 406022 - Patching CVE-2022-45359 | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 406023 - Patching CVE-2022-45359 | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 406024 - Patching Zeroday WordPress Elementor Pro vulnerability | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 409001 - Antimalware rule against the RCE malware family | Enabled by default in all BitNinja recommended rulesets.
                - Rule ID: 401006 - Special rule against false WP admin login attempts | Not enabled by default, can lead to some false positives, please use with caution
    * 2 New loganalysis rules                
                - Rule ID: 80_1_23 - Against spambots
                - Rule ID: 80_1_24 - Against Mozi.a/Mozi.m malware family
    * 13 new YARA rules against several different malware families         

- Changelog 2023.02.28 

    * Updated Whitelisted repositories.
    * Changes to several OWASP WAF rules to drastically decrease false positives.
    * Added signatures for several re-infecting malware.
    * Researching spam protection rules.
    * 5 New WAF rules. (3 zeroday vulnerabilities, 2 "inspector" rules)
                - Rule ID: 406016 - Patching [CVE-2023-23488] | Enabled by default in all BitNinja recommended rulesets
                - Rule ID: 406017 - Patching [CVE-2023-23489] | Enabled by default in all BitNinja recommended rulesets
                - Rule ID: 406018 - Patching [CVE-2023-23489] | Enabled by default in all BitNinja recommended rulesets
                - Rule ID: 400115 - "hidden, inspector rule" Helps eliminate false positives by setting a variable if an user is logged in to WordPress admin | Enabled by default, can not be disabled..
                - Rule ID: 400116 - "hidden, inspector rule" Helps eliminate false positives by inspecting payloads to xmlrpc.php to see if they are a valid XML methodCall | Enabled by default, can not be disabled.
    * Drastically reduced the number of restored malware.