Trends
- United States is on top of the list with 1481 unique attackers (24.7%)
- OTX Pulse was the Top Alarm of the week with 90 occurrences
- The exploit event type on top this week was Command Execution with 77% occurrences.
Top Attacker by Country
| Country | No. of Attackers |
|---|---|
| United States | 1481 |
| China | 1292 |
| France | 398 |
| Brazil | 363 |
| Russian Federation | 330 |
| India | 258 |
| United Kingdom | 199 |
| Netherlands | 199 |
| Republic of Korea | 194 |
| Vietnam | 194 |
| Germany | 163 |
| Taiwan | 150 |
| Canada | 147 |
| Australia | 138 |
| Ukraine | 116 |
| Indonesia | 108 |
| Italy | 104 |
| Singapore | 94 |
| Colombia | 78 |
Threat Geo-location
Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 13.107.4.50 | 19 |
| 185.10.68.153 | 17 |
| 185.244.25.165 | 16 |
| 185.244.25.167 | 16 |
| 185.244.25.228 | 16 |
| 117.18.237.29 | 16 |
| 37.48.76.51 | 15 |
| 159.203.169.16 | 15 |
Top Alarms
| Alarm | No. of Occurrences |
|---|---|
| OTX Indicators of Compromise - PULSE | 90 |
| Bruteforce Authentication - SSH | 32 |
| Attack Tool Detected - Attack | 1 |
Comparison from Previous Report
| Alarm | No. of Occurrences |
|---|---|
| Bruteforce Authentication - SSH | 239 |
| OTX Indicators of Compromise - PULSE | 107 |
| Attack Tool Detected - Attack | 8 |
| WebServer Attack - Attack | 3 |
Exploit Event Types and Top Event NIDS
CVE
CVE-2018-20029
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
nvd.nist.gov/vuln/detail/CVE-2018-20029
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.
nvd.nist.gov/vuln/detail/CVE-2018-1279
CVE-2018-15800
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
nvd.nist.gov/vuln/detail/CVE-2018-15800
CVE-2018-20029
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
nvd.nist.gov/vuln/detail/CVE-2018-20029
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.
nvd.nist.gov/vuln/detail/CVE-2018-1279
CVE-2018-15800
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
nvd.nist.gov/vuln/detail/CVE-2018-15800
CVE-2018-15805
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
nvd.nist.gov/vuln/detail/CVE-2018-15805
CVE-2018-16635
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
nvd.nist.gov/vuln/detail/CVE-2018-16635
CVE-2018-16636
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
nvd.nist.gov/vuln/detail/CVE-2018-16636
CVE-2018-20029
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
nvd.nist.gov/vuln/detail/CVE-2018-20029
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.
nvd.nist.gov/vuln/detail/CVE-2018-1279
CVE-2018-15800
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
nvd.nist.gov/vuln/detail/CVE-2018-15800
CVE-2018-15805
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
nvd.nist.gov/vuln/detail/CVE-2018-15805
CVE-2018-16635
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
nvd.nist.gov/vuln/detail/CVE-2018-16635
CVE-2018-16636
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
nvd.nist.gov/vuln/detail/CVE-2018-16636
CVE-2018-15805
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).
nvd.nist.gov/vuln/detail/CVE-2018-15805
CVE-2018-16635
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
nvd.nist.gov/vuln/detail/CVE-2018-16635
CVE-2018-16636
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
nvd.nist.gov/vuln/detail/CVE-2018-16636
Vulnerabilities
