Threat Intelligence Report - April 8-14, 2019

Trends

The top attacker country was China with 1893 unique attackers (25.76%)
The top Exploit event was Cross Site Scripting with 58% of occurrences

Top Attacker by Country

Country	Occurrences	Percentage
China	1893	25.76%
United States	1836	24.98%
France	476	6.48%
Brazil	438	5.96%
Korea	319	4.34%
Russia	291	3.96%
India	287	3.90%
United Kingdom	246	3.35%
Canada	216	2.94%
Germany	190	2.59%
Italy	168	2.29%
Singapore	154	2.10%
Australia	150	2.04%
Vietnam	143	1.95%
Netherlands	129	1.76%
Taiwan	127	1.73%
Indonesia	124	1.69%
Hong Kong	86	1.17%
Thailand	77	1.05%

Top Cyber Attackers by Country April 8-14 2019

Threat Geo-location

Top Attacking Hosts

Host	Occurrences
41.78.216.182	84
58.242.83.39	56
130.0.27.14	22
87.255.25.76	21

Top Network Attackers

Origin AS	Announcement	Description
AS37187	41.78.216.0/22	Access Communications Ltd
AS4837	58.242.0.0/15	China Unicom AnHui Province Network
AS57388	130.0.24.0/22	I.B.C. shpk
AS35810	87.255.24.0/21	BIG TELECOM CLOSED JSC

Top Event NIDS and Exploits

Top Alarms

Type of Alarm	Occurrences
Stored Procedure Access - Attack	564
Attack Tool Detected - Attack	310
WebServer Attack - Attack	245
OTX Indicators of Compromise - PULSE	153
Network Discovery - Scan SSH	95
Network Discovery - IDS Event	21
Bruteforce Authentication - SSH	10
Trojan Infection - IDS Event	3
WebServer Attack - XSS	1

Comparison from last week

Type of Alarm	Occurrences
Network Discovery - Scan SSH	2029
Stored Procedure Access - Attack	1751
Attack Tool Detected - Attack	853
WebServer Attack - Attack	758
OTX Indicators of Compromise - PULSE	113
Network Discovery - Scan SSH	42
Trojan Infection - IDS Event	12
Bruteforce Authentication - SSH	6
WebServer Attack - XSS	1

CVE

This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-3396
Title: Atlassian Confluence Server Remote Code Execution Vulnerability
Vendor: Atlassian

ID: CVE-2019-0211
Title: Apache HTTP Server Privilege Escalation From Modules Scripts
Vendor: Apache

ID: CVE-2019-10261
Title: CentOS Web Panel Multiple HTML Injection Vulnerabilities
Vendor: CentOS

ID: CVE-2019-0841
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-0803
Title: Microsoft Windows Win32k Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-9696
Title: Symantec VIP Enterprise Gateway Cross Site Scripting Vulnerability
Vendor: Symantec

ID: CVE-2019-7524
Title: Dovecot Stack Buffer Overflow Vulnerability
Vendor: Dovecot

ID: CVE-2018-10877
Title: Linux Kernel Local Denial of Service Vulnerability
Vendor: Linux

ID: CVE-2018-1731, CVE-2018-1913
Title: IBM Rational DOORS Next Generation Multiple Cross Site Scripting Vulnerabilities
Vendor: IBM

ID: CVE-2019-1827
Title: Cisco Small Business RV320 and RV325 Routers Cross Site Scripting Vulnerability
Vendor: Cisco

Vulnerabilities

Citrix XenServer Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/102129

Xen CVE-2017-15592 Denial of Service Vulnerability
2019-04-12
securityfocus.com/bid/101513

IBM BigFix Platform Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/101571

Tidy CVE-2017-13692 Denial of Service Vulnerability
2019-04-12
securityfocus.com/bid/100506

SAP NetWeaver Knowledge Management XMLForms Unspecified Cross Site Scripting Vulnerability
2019-04-12
securityfocus.com/bid/101826

WordPress Mobile App Builder By Wappress Plugin Arbitrary File Upload Vulnerability
2019-04-12
securityfocus.com/bid/96905

Google Android Framework Multiple Privilege Escalation Vulnerabilities
2019-04-12
securityfocus.com/bid/102131

SAP Single Sign On Denial of Service Vulnerability
2019-04-12
securityfocus.com/bid/95363

GraphicsMagick CVE-2016-7800 Heap Buffer Overflow Vulnerability
2019-04-12
securityfocus.com/bid/93262

Sauter NovaWeb Web HMI CVE-2016-10224 Authentication Bypass Vulnerability
2019-04-12
securityfocus.com/bid/94782

Apple iOS Prior to 10 Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/92932

Katello CVE-2016-9595 Local Code Execution Vulnerability
2019-04-12
securityfocus.com/bid/95080

Google Android Multiple Qualcomm Components Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/102073

Apple Safari APPLE-SA-2016-03-21-6 Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/85055

ImageMagick CVE-2016-10054 Buffer Overflow Vulnerability
2019-04-12
securityfocus.com/bid/95191

IBM Sametime Proxy Server Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/100572

Cacti Multiple SQL Injection Vulnerabilities
2019-04-12
securityfocus.com/bid/75972

Drupal Wishlist Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
2019-04-12
securityfocus.com/bid/72114

Juniper Junos CVE-2019-0031 Remote Denial of Service Vulnerability
2019-04-10
securityfocus.com/bid/107874

Juniper Junos CVE-2019-0038 Denial of Service Vulnerability
2019-04-10
securityfocus.com/bid/107873

Juniper Junos CVE-2019-0044 Remote Denial of Service Vulnerability
2019-04-10
securityfocus.com/bid/107872

GNU glibc CVE-2005-3590 Remote Buffer Overflow Vulnerability
2019-04-10
securityfocus.com/bid/107871

Details

Threat Intelligence Report - April 8-14, 2019

Trends

Top Attacker by Country

Threat Geo-location

Top Attacking Hosts

Top Network Attackers

Top Event NIDS and Exploits

Top Alarms

CVE

Vulnerabilities

Search

Categories

Questions?
Get in Touch

Subscribe to our weekly
Threat Intelligence Report

Trends

Top Attacker by Country

Threat Geo-location

Top Attacking Hosts

Top Network Attackers

Top Event NIDS and Exploits

Top Alarms

CVE

Vulnerabilities

Categories

Questions?​​​​​​​Get in Touch

Subscribe to our weekly Threat Intelligence Report

Questions?
Get in Touch

Subscribe to our weekly
Threat Intelligence Report