Threat Intelligence Report

Trends



  • United States is on top of the list with 1481 unique attackers (24.7%)
  • OTX Pulse was the top alarm of the week with 90 occurrences
  • The top exploit event type this week was Command Execution, accounting for 77% of occurrences.



Top Attacker by Country


Country                 No. of Attackers
United States           1481
China                   1292
France                  398
Brazil                  363
Russian Federation      330
India                   258
United Kingdom          199
Netherlands             199
Republic of Korea       194
Vietnam                 194
Germany                 163
Taiwan                  150
Canada                  147
Australia               138
Ukraine                 116
Indonesia               108
Italy                   104
Singapore               94
Colombia                78


Top Cyber Attackers by Country  December 3-9 2018



Threat Geo-location





Top Attacking Hosts


Host                    Occurrences
13.107.4.50             19
185.10.68.153           17
185.244.25.165          16
185.244.25.167          16
185.244.25.228          16
117.18.237.29           16
37.48.76.51             15
159.203.169.16          15




Top Alarms


Alarm                                       No. of Occurrences
OTX Indicators of Compromise - PULSE        90
Bruteforce Authentication - SSH             32
Attack Tool Detected - Attack               1


Comparison from Previous Report


Alarm                                       No. of Occurrences
Bruteforce Authentication - SSH             239
OTX Indicators of Compromise - PULSE        107
Attack Tool Detected - Attack               8
WebServer Attack - Attack                   3




Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits December 3-9 2018



CVE


CVE-2018-20029
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
nvd.nist.gov/vuln/detail/CVE-2018-20029

CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster, can use this cookie to gain full control over the entire cluster.
nvd.nist.gov/vuln/detail/CVE-2018-1279

CVE-2018-15800
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage.
nvd.nist.gov/vuln/detail/CVE-2018-15800

CVE-2018-15805
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
nvd.nist.gov/vuln/detail/CVE-2018-15805

CVE-2018-16635
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
nvd.nist.gov/vuln/detail/CVE-2018-16635

CVE-2018-16636
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
nvd.nist.gov/vuln/detail/CVE-2018-16636


Vulnerabilities


Cyber Security Threat Geolocations December 3-9 2018