Threat Intelligence Report

Trends


  • The top attacker country was China with 1893 unique attackers (25.76%)
  • The top Exploit event was Cross Site Scripting with 62% of occurrences



Top Attacker by Country


Country          Occurrences  Percentage
China                   1893      25.76%
United States           1836      24.98%
France                   476       6.48%
Brazil                   438       5.96%
Russia                   319       4.34%
Korea                    291       3.96%
India                    287       3.90%
United Kingdom           246       3.35%
Canada                   216       2.94%
Germany                  190       2.59%
Australia                168       2.29%
Netherlands              154       2.10%
Singapore                150       2.04%
Italy                    143       1.95%
Taiwan                   129       1.76%
Indonesia                127       1.73%
Vietnam                  124       1.69%
Hong Kong                 86       1.17%
Argentina                 77       1.05%


Top Cyber Attackers by Country April 1-7 2019



Threat Geo-location


Cyber Security Threat Geolocations April 1-7 2019



Top Attacking Hosts


Host             Occurrences
82.112.32.45              89
193.235.51.113            75
192.229.232.240           67




Top Network Attackers


Origin AS  Announcement      Description
AS48642    82.112.32.0/19    Joint stock company "For"
AS15133    192.229.232.0/24  MCI Communication Services, Inc. d/b/a Verizon Business




Top Event NIDS and Exploits


Top Event NIDS and Exploits April 1-7 2019



Top Alarms



Type of Alarm                            Occurrences
Network Discovery - Scan SSH                    2029
Stored Procedure Access - Attack                1751
Attack Tool Detected - Attack                    853
WebServer Attack - Attack                        758
OTX Indicators of Compromise - PULSE             113
Network Discovery - Scan SSH                      42
Trojan Infection - IDS Event                      12
Bruteforce Authentication - SSH                    6
WebServer Attack - XSS                             1

Comparison from last week

Type of Alarm                            Occurrences
Red Piranha HIDS: IDS Event                     3073
Suspicious Behaviour - SSH                       276
OTX Indicators of Compromise - PULSE             147
Stored Procedure Access - Attack                  55
Attack Tool Detected - Attack                     45
Bruteforce Authentication - SSH                   43
WebServer Attack - Attack                         39
Network Discovery - Scan SSH                      32
Hacking Tool - Squid Event                         8





CVE


This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2018-1335
Title: Apache Tika-server Command Injection Vulnerability
Vendor: Apache

ID: CVE-2019-0541
Title: Microsoft Windows MSHTML Remote Code Execution Vulnerability
Vendor: Microsoft

ID: CVE-2019-9787 
Title: WordPress Remote Code Execution Vulnerability
Vendor: WordPress

ID: CVE-2019-9740
Title: Python CRLF Injection Vulnerability
Vendor: Python

ID: CVE-2019-9741
Title: Golang Go HTTP response-splitting vulnerability
Vendor: Golang

ID: CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
Title: PHP Information Disclosure and Heap Buffer Overflow Vulnerabilities
Vendor: PHP

ID: CVE-2019-5511, CVE-2019-5512
Title: VMware Workstation Multiple Privilege Escalation Vulnerabilities
Vendor: VMware

ID: CVE-2019-5418, CVE-2019-5419, CVE-2019-5420
Title: Ruby on Rails Multiple Security Vulnerabilities
Vendor: Ruby on Rails



Vulnerabilities


Cisco IOS and IOS XE Software CVE-2018-15373 Denial of Service Vulnerability
2019-04-05
securityfocus.com/bid/105413

Cisco IOS Software CVE-2018-0473 Denial of Service Vulnerability
2019-04-05
securityfocus.com/bid/105427

Cisco IOS XE Software CVE-2018-0470 Denial of Service Vulnerability
2019-04-05
securityfocus.com/bid/105397

Cisco IOS and IOS XE Software CVE-2018-0466 Denial of Service Vulnerability
2019-04-05
securityfocus.com/bid/105403

Multiple Cisco Products CVE-2018-0472 Denial Of Service Vulnerability
2019-04-05
securityfocus.com/bid/105418

Google Android Qualcomm Components Multiple Security Vulnerabilities
2019-04-05
securityfocus.com/bid/105872

Cisco Small Business RV320 and RV325 Routers CVE-2019-1827 Cross Site Scripting Vulnerability
2019-04-04
securityfocus.com/bid/107776

Cisco Small Business RV320 and RV325 Routers CVE-2019-1828 Weak Encryption Security Weakness
2019-04-04
securityfocus.com/bid/107774

Omron CX-Programmer CVE-2019-6556 Arbitrary Code Execution Vulnerability
2019-04-04
securityfocus.com/bid/107773

Xen HLE Constructs Denial of Service Vulnerability
2019-04-03
securityfocus.com/bid/105954

Xen Multiple Privilege Escalation and Denial of Service Vulnerabilities
2019-04-03
securityfocus.com/bid/106182

Citrix XenServer Multiple Security Vulnerabilities
2019-04-03
securityfocus.com/bid/102129

Xen CVE-2017-17044 Denial of Service Vulnerability
2019-04-03
securityfocus.com/bid/102008

Drupal Core SA-CORE-2019-004 Cross Site Scripting Vulnerability
2019-04-03
securityfocus.com/bid/107497

libvirt CVE-2019-3886 Security Bypass Vulnerability
2019-04-03
securityfocus.com/bid/107777

CentOS Web Panel CVE-2019-10261 Multiple HTML Injection Vulnerabilities
2019-04-03
securityfocus.com/bid/107769

GNU wget CVE-2019-5953 Remote Buffer Overflow Vulnerability
2019-04-03
securityfocus.com/bid/107734

Symantec VIP Enterprise Gateway CVE-2019-9696 Cross Site Scripting Vulnerability
2019-04-03
securityfocus.com/bid/107692

Siemens SCALANCE X switches CVE-2019-6569 Security Weakness
2019-04-02
securityfocus.com/bid/107465

Linux kernel CVE-2019-3882 Local Denial of Service Vulnerability
2019-04-02
securityfocus.com/bid/107782

Fortinet FortiClient CVE-2019-5585 Access Bypass Vulnerability
2019-04-02
securityfocus.com/bid/107693

Advantech WebAccess/SCADA ICSA-19-092-01 Multiple Security Vulnerabilities
2019-04-02
securityfocus.com/bid/107675

Top Attacker Hosts April 1-7 2019