Threat Intelligence Report: April 15-21, 2019

Trends

  • The top attacker country was China, with 2337 unique attackers (29.82% of all unique attackers seen this week).
  • The top exploit event was Shellcode, with 50% of exploit-event occurrences.

Top Attacker by Country


Country          Occurrences  Percentage
China                   2337      29.82%
United States           1675      21.37%
France                   544       6.94%
Brazil                   430       5.49%
Korea                    335       4.27%
Russia                   303       3.87%
India                    302       3.85%
Canada                   250       3.19%
United Kingdom           246       3.14%
Germany                  204       2.60%
Vietnam                  173       2.21%
Singapore                157       2.00%
Indonesia                153       1.95%
Netherlands              153       1.95%
Taiwan                   152       1.94%
Italy                    140       1.79%
Greece                   103       1.31%
Australia                 92       1.17%
Thailand                  89       1.14%

(Figure: Top Cyber Attackers by Country, April 15-21 2019)


Threat Geo-location


(Figure: Cyber Security Threat Geolocations, April 15-21 2019)


Top Attacking Hosts


Host             Occurrences
24.232.77.192             24
107.180.121.35            11
107.180.108.13            11
58.242.83.39               9


Top Network Attackers


Origin AS  Announcement     Description
AS10318    24.232.0.0/16    Telecom Argentina S.A.
AS26496    107.180.0.0/17   GoDaddy.com, LLC
AS4837     58.242.0.0/15    China Unicom AnHui province network
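The mapping from the attacking hosts above to the announced prefixes and origin ASes can be reproduced offline with a longest-prefix match. The block below is an added example, not code from the original report or from the platform that produced it; the hosts, prefixes and AS descriptions are the ones listed on this page, and nothing else is assumed. It also reports hosts that fall outside every listed announcement, which is the case to watch for when a prefix table is stale.

```python
import ipaddress
from collections import defaultdict

# Top attacking hosts and occurrence counts, copied from the table on this page.
TOP_HOSTS = {
    "24.232.77.192": 24,
    "107.180.121.35": 11,
    "107.180.108.13": 11,
    "58.242.83.39": 9,
}

# Origin AS announcements, copied from the table on this page: (ASN, prefix, description).
ANNOUNCEMENTS = [
    ("AS10318", "24.232.0.0/16", "Telecom Argentina S.A."),
    ("AS26496", "107.180.0.0/17", "GoDaddy.com, LLC"),
    ("AS4837", "58.242.0.0/15", "China Unicom AnHui province network"),
]


def build_table(announcements):
    """Parse each prefix once. strict=True rejects prefixes whose host bits are set,
    which catches a mis-typed announcement before it silently matches nothing."""
    return [
        (ipaddress.ip_network(prefix, strict=True), asn, desc)
        for asn, prefix, desc in announcements
    ]


def longest_prefix_match(ip, table):
    """Return the (network, asn, desc) row with the most specific prefix containing ip,
    or None if no announced prefix covers it."""
    addr = ipaddress.ip_address(ip)
    candidates = [row for row in table if addr in row[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda row: row[0].prefixlen)


def attribute_hosts(hosts, announcements):
    """Attribute each host to its origin AS and sum occurrences per AS.

    Returns (per_host, per_as, unmatched):
      per_host  - {ip: asn} for every host covered by an announcement
      per_as    - {asn: total occurrences}
      unmatched - hosts not covered by any listed prefix
    """
    table = build_table(announcements)
    per_host = {}
    per_as = defaultdict(int)
    unmatched = []
    for ip, count in hosts.items():
        match = longest_prefix_match(ip, table)
        if match is None:
            unmatched.append(ip)
            continue
        _net, asn, _desc = match
        per_host[ip] = asn
        per_as[asn] += count
    return per_host, dict(per_as), unmatched


if __name__ == "__main__":
    per_host, per_as, unmatched = attribute_hosts(TOP_HOSTS, ANNOUNCEMENTS)
    for ip, asn in per_host.items():
        print(f"{ip:<16} -> {asn}")
    for asn, total in sorted(per_as.items(), key=lambda kv: -kv[1]):
        print(f"{asn:<8} {total} occurrences")
    if unmatched:
        print("not covered by any listed announcement:", ", ".join(unmatched))
```

Both GoDaddy hosts fall inside 107.180.0.0/17, so AS26496 aggregates to 22 occurrences. Picking the most specific matching prefix matters once a table contains overlapping announcements (a customer /24 inside a provider /16, for instance); the `max(..., key=prefixlen)` step is what keeps the attribution on the more specific origin.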


Top Event NIDS and Exploits


(Figure: Top Event NIDS and Exploits, April 15-21 2019)


Top Alarms


Type of Alarm                                       Occurrences
OTX Indicators of Compromise - PULSE                        183
Attack Tool Detected - Attack                                40
Database Attack - Stored Procedure Access - Attack           28
Network Discovery - Scan SSH                                 27
Trojan Infection - IDS Event                                 21
WebServer Attack - Attack                                     8
Bruteforce Authentication - SSH                               7

                 
Comparison from last week


Type of Alarm                                       Occurrences
Stored Procedure Access - Attack                            564
Attack Tool Detected - Attack                               310
WebServer Attack - Attack                                   245
OTX Indicators of Compromise - PULSE                        153
Network Discovery - Scan SSH                                 95
Network Discovery - IDS Event                                21
Bruteforce Authentication - SSH                              10
Trojan Infection - IDS Event                                  3
WebServer Attack - XSS                                        1
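Reading the two alarm tables side by side is error-prone: the stored-procedure alarm carries a different label in each week, and two alarm types from last week have no row this week at all. The block below is an added example, not part of the original report, that joins the two tables and computes the week-over-week change per alarm type. The counts are copied from the tables on this page; the one assumption, marked in the code, is that "Stored Procedure Access - Attack" and "Database Attack - Stored Procedure Access - Attack" are the same alarm type relabelled, which the page does not state.

```python
# Alarm counts copied from the two tables on this page.
THIS_WEEK = {
    "OTX Indicators of Compromise - PULSE": 183,
    "Attack Tool Detected - Attack": 40,
    "Database Attack - Stored Procedure Access - Attack": 28,
    "Network Discovery - Scan SSH": 27,
    "Trojan Infection - IDS Event": 21,
    "WebServer Attack - Attack": 8,
    "Bruteforce Authentication - SSH": 7,
}
LAST_WEEK = {
    "Stored Procedure Access - Attack": 564,
    "Attack Tool Detected - Attack": 310,
    "WebServer Attack - Attack": 245,
    "OTX Indicators of Compromise - PULSE": 153,
    "Network Discovery - Scan SSH": 95,
    "Network Discovery - IDS Event": 21,
    "Bruteforce Authentication - SSH": 10,
    "Trojan Infection - IDS Event": 3,
    "WebServer Attack - XSS": 1,
}

# Assumption (not stated on the page): the stored-procedure alarm was relabelled between
# the two weeks, so the two labels are folded into one alarm type before comparing.
ALIASES = {
    "Stored Procedure Access - Attack": "Database Attack - Stored Procedure Access - Attack",
}


def normalize(counts, aliases):
    """Rename aliased alarm types and merge their counts."""
    out = {}
    for name, n in counts.items():
        canonical = aliases.get(name, name)
        out[canonical] = out.get(canonical, 0) + n
    return out


def week_over_week(current, previous, aliases=ALIASES):
    """Join two weekly alarm tables and return one row per alarm type.

    Each row carries last/this week's counts, the absolute delta, the percent change
    (None when there is no previous count to divide by), and a status of
    new / dropped / up / down / flat. Rows are ordered by this week's count.
    """
    cur = normalize(current, aliases)
    prev = normalize(previous, aliases)
    rows = []
    for name in sorted(set(cur) | set(prev), key=lambda n: (-cur.get(n, 0), n)):
        c, p = cur.get(name, 0), prev.get(name, 0)
        if p == 0:
            status, pct = "new", None
        elif c == 0:
            status, pct = "dropped", -100.0
        else:
            status = "up" if c > p else "down" if c < p else "flat"
            pct = round((c - p) / p * 100, 1)
        rows.append({"alarm": name, "last": p, "this": c,
                     "delta": c - p, "pct": pct, "status": status})
    return rows


def by_status(rows, status):
    """Alarm names with the given status, in table order."""
    return [r["alarm"] for r in rows if r["status"] == status]


if __name__ == "__main__":
    rows = week_over_week(THIS_WEEK, LAST_WEEK)
    print(f"{'Type of Alarm':<52}{'Last':>6}{'This':>6}{'Delta':>7}  {'%':>7}  Status")
    for r in rows:
        pct = "n/a" if r["pct"] is None else f"{r['pct']:+.1f}"
        print(f"{r['alarm']:<52}{r['last']:>6}{r['this']:>6}{r['delta']:>+7}  {pct:>7}  {r['status']}")
```

Run without the alias map (`week_over_week(THIS_WEEK, LAST_WEEK, aliases={})`) and the join reports the stored-procedure alarm as both "dropped" (564 to 0) and "new" (0 to 28), which is how a label change shows up in a naive comparison; the alias map is the fix, and any rename should be recorded there rather than patched into the source tables.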

 


CVE


This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-0541
Title: Microsoft MSHTML Engine Remote Code Execution Vulnerability
Vendor: Microsoft

ID: CVE-2019-0859
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-0841
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-0232
Title: Apache Tomcat Remote Code Execution Vulnerability
Vendor: Apache

ID: CVE-2019-9730
Title: Synaptics Audio Driver Local Privilege Escalation Vulnerability (LEN-25822)
Vendor: Synaptics

ID: CVE-2018-18489
Title: TP-Link Devices Denial of Service Vulnerability
Vendor: TP-Link

ID: CVE-2019-5736
Title: Docker Runc Container Breakout Vulnerability
 


Vulnerabilities


Linux Kernel CVE-2018-10879 Local Denial of Service Vulnerability
2019-04-19

Linux Kernel CVE-2019-6974 Security Bypass Vulnerability
2019-04-19

Linux Kernel 'can_can_gw_rcv in net/can/gw.c' Local Denial of Service Vulnerability
2019-04-19

Linux Kernel 'ext4_ext_drop_refs()' Function Local Denial of Service Vulnerability
2019-04-19

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2019-04-19

Linux Kernel 'fs/cifs/cifsencrypt.c' Denial of Service Vulnerability
2019-04-19

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2019-04-19

Python CVE-2019-9636 Information Disclosure Vulnerability
2019-04-19

Linux Kernel Components Multiple Security Vulnerabilities
2019-04-19

OpenWSMAN CVE-2019-3816 Information Disclosure Vulnerability
2019-04-19

Ghostscript CVE-2019-3838 Security Bypass Vulnerability
2019-04-19

Mozilla Firefox Multiple Security Vulnerabilities
2019-04-19

RDP Client 'FreeRDP' And 'rdesktop' Multiple Security Vulnerabilities
2019-04-19

libssh2 Multiple Security Vulnerabilities
2019-04-19

Ghostscript CVE-2019-3835 Security Bypass Vulnerability
2019-04-19

Mozilla Firefox and Firefox ESR Remote Memory Corruption and Buffer Overflow Vulnerabilities
2019-04-19

Microsoft Azure CVE-2019-0816 Security Bypass Vulnerability
2019-04-19

OpenSSH CVE-2018-20685 Access Bypass Vulnerability
2019-04-18

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2019-04-18

Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
2019-04-18

jQuery CVE-2015-9251 Cross Site Scripting Vulnerability
2019-04-18

FasterXML Jackson-databind CVE-2018-14718 Remote Code Execution Vulnerability
2019-04-18

FasterXML Jackson-databind CVE-2018-12023 Remote Code Execution Vulnerability
2019-04-17

Oracle Primavera Unifier Multiple Security Vulnerabilities
2019-04-17

Apache Tomcat CVE-2018-11784 Open Redirection Vulnerability
2019-04-17

Apache HTTP Server CVE-2018-11763 Denial of Service Vulnerability
2019-04-17

Bouncy Castle CVE-2018-1000180 Security Weakness
2019-04-17

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2019-04-17

Oracle Enterprise Manager Ops Center CVE-2016-4000 Remote Security Vulnerability
2019-04-17

(Figure: Top Attacker Hosts, April 15-21 2019)

Date Published: April 22, 2019