threat-intelligence-report

Trends


  • The top attacker country was China with 2337 unique attackers (29.82%)

  • The top Exploit event was Shellcode with 50% of occurrences



Top Attacker by Country

Country         Occurrences  Percentage
China                  2337      29.82%
United States          1675      21.37%
France                  544       6.94%
Brazil                  430       5.49%
Korea                   335       4.27%
Russia                  303       3.87%
India                   302       3.85%
Canada                  250       3.19%
United Kingdom          246       3.14%
Germany                 204       2.60%
Vietnam                 173       2.21%
Singapore               157       2.00%
Indonesia               153       1.95%
Netherlands             153       1.95%
Taiwan                  152       1.94%
Italy                   140       1.79%
Greece                  103       1.31%
Australia                92       1.17%
Thailand                 89       1.14%

Figure: Top Cyber Attackers by Country, April 15-21 2019



Threat Geo-location


Figure: Cyber Security Threat Geolocations, April 15-21 2019



Top Attacking Hosts

Host             Occurrences
24.232.77.192             24
107.180.121.35            11
107.180.108.13            11
58.242.83.39               9




Top Network Attackers

Origin AS  Announcement     Description
AS10318    24.232.0.0/16    Telecom Argentina S.A.
AS26496    107.180.0.0/17   GoDaddy.com, LLC
AS4837     58.242.0.0/15    China Unicom AnHui province network




Top Event NIDS and Exploits


Figure: Top Event NIDS and Exploits, April 15-21 2019



Top Alarms

Type of Alarm                                       Occurrences
OTX Indicators of Compromise - PULSE                        183
Attack Tool Detected - Attack                                40
Database Attack - Stored Procedure Access - Attack           28
Network Discovery - Scan SSH                                 27
Trojan Infection - IDS Event                                 21
WebServer Attack - Attack                                     8
Bruteforce Authentication - SSH                               7

Comparison from last week

Type of Alarm                           Occurrences
Stored Procedure Access - Attack                564
Attack Tool Detected - Attack                   310
WebServer Attack - Attack                       245
OTX Indicators of Compromise - PULSE            153
Network Discovery - Scan SSH                     95
Network Discovery - IDS Event                    21
Bruteforce Authentication - SSH                  10
Trojan Infection - IDS Event                      3
WebServer Attack - XSS                            1




CVE


This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-0541
Title: Microsoft MSHTML Engine Remote Code Execution Vulnerability
Vendor: Microsoft

ID: CVE-2019-0859
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-0841
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-0232
Title: Apache Tomcat Remote Code Execution Vulnerability
Vendor: Apache

ID: CVE-2019-9730
Title: Synaptics Audio Driver Local Privilege Escalation Vulnerability (LEN-25822)
Vendor: Synaptics

ID: CVE-2018-18489
Title: TP-Link Devices Denial of Service Vulnerability
Vendor: TP-Link

ID: CVE-2019-5736
Title: Docker Runc Container Breakout Vulnerability


Vulnerabilities


Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/104902

Linux Kernel CVE-2019-6974 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107127

Linux Kernel 'can_can_gw_rcv in net/can/gw.c' Local Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/106443

Linux Kernel 'ext4_ext_drop_refs()' Function Local Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/104878

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2019-04-19
securityfocus.com/bid/105140

Linux Kernel 'fs/cifs/cifsencrypt.c' Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/103378

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2019-04-19
securityfocus.com/bid/105758

Python CVE-2019-9636 Information Disclosure Vulnerability
2019-04-19
securityfocus.com/bid/107400

Linux Kernel Components Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/106503

OpenWSMAN CVE-2019-3816 Information Disclosure Vulnerability
2019-04-19
securityfocus.com/bid/107368

Ghostscript CVE-2019-3838 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107520

Mozilla Firefox Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/107487

RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/106938

libssh2 Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/107485

Ghostscript CVE-2019-3835 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107855

Mozilla Firefox and Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2019-04-19
securityfocus.com/bid/107548

Microsoft Azure CVE-2019-0816 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107352

OpenSSH CVE-2018-20685 Access Bypass Vulnerability
2019-04-18
securityfocus.com/bid/106531

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2019-04-18
securityfocus.com/bid/105118

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2019-04-18
securityfocus.com/bid/97702

JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2019-04-18
securityfocus.com/bid/105658

FasterXML Jackson-databind CVE-2018-14718 Remote Code Execution Vulnerability
2019-04-18
securityfocus.com/bid/106601

FasterXML Jackson-databind CVE-2018-12023 Remote Code Execution Vulnerability
2019-04-17
securityfocus.com/bid/105659

Oracle Primavera Unifier Multiple Security Vulnerabilities
2019-04-17
securityfocus.com/bid/104823

Apache Tomcat CVE-2018-11784 Open Redirection Vulnerability
2019-04-17
securityfocus.com/bid/105524

Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
2019-04-17
securityfocus.com/bid/105414

Bouncy Castle CVE-2018-1000180 Security Weakness
2019-04-17
securityfocus.com/bid/106567

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2019-04-17
securityfocus.com/bid/93604

Oracle Enterprise Manager Ops Center CVE-2016-4000 Remote Security Vulnerability
2019-04-17
securityfocus.com/bid/105647

Figure: Top Attacker Hosts, April 15-21 2019