Trends
The top attacker country was China, with 2337 unique attackers (29.82%).
The top exploit event was Shellcode, with 50% of occurrences.
Top Attacker by Country
Country | Occurrences | Percentage |
---|---|---|
China | 2337 | 29.82% |
United States | 1675 | 21.37% |
France | 544 | 6.94% |
Brazil | 430 | 5.49% |
Korea | 335 | 4.27% |
Russia | 303 | 3.87% |
India | 302 | 3.85% |
Canada | 250 | 3.19% |
United Kingdom | 246 | 3.14% |
Germany | 204 | 2.60% |
Vietnam | 173 | 2.21% |
Singapore | 157 | 2.00% |
Indonesia | 153 | 1.95% |
Netherlands | 153 | 1.95% |
Taiwan | 152 | 1.94% |
Italy | 140 | 1.79% |
Greece | 103 | 1.31% |
Australia | 92 | 1.17% |
Thailand | 89 | 1.14% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
24.232.77.192 | 24 |
107.180.121.35 | 11 |
107.180.108.13 | 11 |
58.242.83.39 | 9 |
Top Network Attackers
Origin AS | Announcement | Description |
---|---|---|
AS10318 | 24.232.0.0/16 | Telecom Argentina S.A. |
AS26496 | 107.180.0.0/17 | GoDaddy.com, LLC |
AS4837 | 58.242.0.0/15 | China Unicom AnHui province network |
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences |
---|---|
OTX Indicators of Compromise - PULSE | 183 |
Attack Tool Detected - Attack | 40 |
Database Attack - Stored Procedure Access - Attack | 28 |
Network Discovery - Scan SSH | 27 |
Trojan Infection - IDS Event | 21 |
WebServer Attack - Attack | 8 |
Bruteforce Authentication - SSH | 7 |
Comparison from last week
Type of Alarm | Occurrences |
---|---|
Stored Procedure Access - Attack | 564 |
Attack Tool Detected - Attack | 310 |
WebServer Attack - Attack | 245 |
OTX Indicators of Compromise - PULSE | 153 |
Network Discovery - Scan SSH | 95 |
Network Discovery - IDS Event | 21 |
Bruteforce Authentication - SSH | 10 |
Trojan Infection - IDS Event | 3 |
WebServer Attack - XSS | 1 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2019-0541
Title: Microsoft MSHTML Engine Remote Code Execution Vulnerability
Vendor: Microsoft
ID: CVE-2019-0859
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft
ID: CVE-2019-0841
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft
ID: CVE-2019-0232
Title: Apache Tomcat Remote Code Execution Vulnerability
Vendor: Apache
ID: CVE-2019-9730
Title: Synaptics Audio Driver Local Privilege Escalation Vulnerability (LEN-25822)
Vendor: Synaptics
ID: CVE-2018-18489
Title: TP-Link Devices Denial of Service Vulnerability
Vendor: TP-Link
ID: CVE-2019-5736
Title: Docker Runc Container Breakout Vulnerability
Vulnerabilities
Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/104902
Linux Kernel CVE-2019-6974 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107127
Linux Kernel 'can_can_gw_rcv in net/can/gw.c' Local Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/106443
Linux Kernel 'ext4_ext_drop_refs()' Function Local Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/104878
OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2019-04-19
securityfocus.com/bid/105140
Linux Kernel 'fs/cifs/cifsencrypt.c' Denial of Service Vulnerability
2019-04-19
securityfocus.com/bid/103378
OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2019-04-19
securityfocus.com/bid/105758
Python CVE-2019-9636 Information Disclosure Vulnerability
2019-04-19
securityfocus.com/bid/107400
Linux Kernel Components Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/106503
OpenWSMAN CVE-2019-3816 Information Disclosure Vulnerability
2019-04-19
securityfocus.com/bid/107368
Ghostscript CVE-2019-3838 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107520
Mozilla Firefox Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/107487
RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/106938
libssh2 Multiple Security Vulnerabilities
2019-04-19
securityfocus.com/bid/107485
Ghostscript CVE-2019-3835 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107855
Mozilla Firefox and Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2019-04-19
securityfocus.com/bid/107548
Microsoft Azure CVE-2019-0816 Security Bypass Vulnerability
2019-04-19
securityfocus.com/bid/107352
OpenSSH CVE-2018-20685 Access Bypass Vulnerability
2019-04-18
securityfocus.com/bid/106531
IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2019-04-18
securityfocus.com/bid/105118
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2019-04-18
securityfocus.com/bid/97702
JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2019-04-18
securityfocus.com/bid/105658
FasterXML Jackson-databind CVE-2018-14718 Remote Code Execution Vulnerability
2019-04-18
securityfocus.com/bid/106601
FasterXML Jackson-databind CVE-2018-12023 Remote Code Execution Vulnerability
2019-04-17
securityfocus.com/bid/105659
Oracle Primavera Unifier Multiple Security Vulnerabilities
2019-04-17
securityfocus.com/bid/104823
Apache Tomcat CVE-2018-11784 Open Redirection Vulnerability
2019-04-17
securityfocus.com/bid/105524
Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
2019-04-17
securityfocus.com/bid/105414
Bouncy Castle CVE-2018-1000180 Security Weakness
2019-04-17
securityfocus.com/bid/106567
Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2019-04-17
securityfocus.com/bid/93604
Oracle Enterprise Manager Ops Center CVE-2016-4000 Remote Security Vulnerability
2019-04-17
securityfocus.com/bid/105647