threat-intelligence-repor

Trends


  • The top attacker country was China with 1893 unique attackers (25.76%)
  • The top Exploit event was Cross Site Scripting with 58% of occurrences



Top Attacker by Country


Country           Occurrences   Percentage
China             1893          25.76%
United States     1836          24.98%
France            476           6.48%
Brazil            438           5.96%
Korea             319           4.34%
Russia            291           3.96%
India             287           3.90%
United Kingdom    246           3.35%
Canada            216           2.94%
Germany           190           2.59%
Italy             168           2.29%
Singapore         154           2.10%
Australia         150           2.04%
Vietnam           143           1.95%
Netherlands       129           1.76%
Taiwan            127           1.73%
Indonesia         124           1.69%
Hong Kong         86            1.17%
Thailand          77            1.05%


Top Cyber Attackers by Country April 8-14 2019



Threat Geo-location


Cyber Security Threat Geolocations - April 8-14 2019



Top Attacking Hosts


HostOccurrences
41.78.216.18284
58.242.83.3956
130.0.27.1422
87.255.25.7621




Top Network Attackers


Origin AS   Announcement      Description
AS37187     41.78.216.0/22    Access Communications Ltd
AS4837      58.242.0.0/15     China Unicom AnHui Province Network
AS57388     130.0.24.0/22     I.B.C. shpk
AS35810     87.255.24.0/21    BIG TELECOM CLOSED JSC




Top Event NIDS and Exploits


Top Event NIDS and Exploits April 8-14 2019



Top Alarms



Type of Alarm                              Occurrences
Stored Procedure Access - Attack           564
Attack Tool Detected - Attack              310
WebServer Attack - Attack                  245
OTX Indicators of Compromise - PULSE       153
Network Discovery - Scan SSH               95
Network Discovery - IDS Event              21
Bruteforce Authentication - SSH            10
Trojan Infection - IDS Event               3
WebServer Attack - XSS                     1

                 
Comparison from last week

Type of Alarm                              Occurrences
Network Discovery - Scan SSH               2029
Stored Procedure Access - Attack           1751
Attack Tool Detected - Attack              853
WebServer Attack - Attack                  758
OTX Indicators of Compromise - PULSE       113
Network Discovery - Scan SSH               42
Trojan Infection - IDS Event               12
Bruteforce Authentication - SSH            6
WebServer Attack - XSS                     1




CVE


This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-3396
Title: Atlassian Confluence Server Remote Code Execution Vulnerability
Vendor: Atlassian

ID: CVE-2019-0211
Title: Apache HTTP Server Privilege Escalation From Modules Scripts
Vendor: Apache

ID: CVE-2019-10261
Title: CentOS Web Panel Multiple HTML Injection Vulnerabilities
Vendor: CentOS

ID: CVE-2019-0841
Title: Microsoft Windows Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-0803
Title: Microsoft Windows Win32k Elevation of Privilege Vulnerability
Vendor: Microsoft

ID: CVE-2019-9696
Title: Symantec VIP Enterprise Gateway Cross Site Scripting Vulnerability
Vendor: Symantec

ID: CVE-2019-7524
Title: Dovecot Stack Buffer Overflow Vulnerability
Vendor: Dovecot

ID: CVE-2018-10877
Title: Linux Kernel Local Denial of Service Vulnerability
Vendor: Linux

ID: CVE-2018-1731, CVE-2018-1913
Title: IBM Rational DOORS Next Generation Multiple Cross Site Scripting Vulnerabilities
Vendor: IBM

ID: CVE-2019-1827
Title: Cisco Small Business RV320 and RV325 Routers Cross Site Scripting Vulnerability
Vendor: Cisco



Vulnerabilities


Citrix XenServer Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/102129

Xen CVE-2017-15592 Denial of Service Vulnerability
2019-04-12
securityfocus.com/bid/101513

IBM BigFix Platform Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/101571

Tidy CVE-2017-13692 Denial of Service Vulnerability
2019-04-12
securityfocus.com/bid/100506

SAP NetWeaver Knowledge Management XMLForms Unspecified Cross Site Scripting Vulnerability
2019-04-12
securityfocus.com/bid/101826

WordPress Mobile App Builder By Wappress Plugin Arbitrary File Upload Vulnerability
2019-04-12
securityfocus.com/bid/96905

Google Android Framework Multiple Privilege Escalation Vulnerabilities
2019-04-12
securityfocus.com/bid/102131

SAP Single Sign On Denial of Service Vulnerability
2019-04-12
securityfocus.com/bid/95363

GraphicsMagick CVE-2016-7800 Heap Buffer Overflow Vulnerability
2019-04-12
securityfocus.com/bid/93262

Sauter NovaWeb Web HMI CVE-2016-10224 Authentication Bypass Vulnerability
2019-04-12
securityfocus.com/bid/94782

Apple iOS Prior to 10 Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/92932

Katello CVE-2016-9595 Local Code Execution Vulnerability
2019-04-12
securityfocus.com/bid/95080

Google Android Multiple Qualcomm Components Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/102073

Apple Safari APPLE-SA-2016-03-21-6 Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/85055

ImageMagick CVE-2016-10054 Buffer Overflow Vulnerability
2019-04-12
securityfocus.com/bid/95191

IBM Sametime Proxy Server Multiple Security Vulnerabilities
2019-04-12
securityfocus.com/bid/100572

Cacti Multiple SQL Injection Vulnerabilities
2019-04-12
securityfocus.com/bid/75972

Drupal Wishlist Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
2019-04-12
securityfocus.com/bid/72114

Juniper Junos CVE-2019-0031 Remote Denial of Service Vulnerability
2019-04-10
securityfocus.com/bid/107874

Juniper Junos CVE-2019-0038 Denial of Service Vulnerability
2019-04-10
securityfocus.com/bid/107873

Juniper Junos CVE-2019-0044 Remote Denial of Service Vulnerability
2019-04-10
securityfocus.com/bid/107872

GNU glibc CVE-2005-3590 Remote Buffer Overflow Vulnerability
2019-04-10
securityfocus.com/bid/107871

Top Attacker Hosts April 8-14 2019