Threat Intelligence Report

Trends

  • The top attacker country was China with 2357 unique attackers (27.58%).
  • The top exploit event type was SQL Injection, with 77% of occurrences.

Top Attacker by Country

Country               No. of Attackers   Occurrences
China                 2357               27.58%
United States         1649               19.30%
Brazil                589                6.89%
France                551                6.45%
Russian Federation    456                5.34%
India                 378                4.42%
Korea                 368                4.31%
United Kingdom        235                2.75%
Canada                217                2.54%
Indonesia             209                2.45%
Vietnam               206                2.41%
Taiwan                202                2.36%
Netherlands           190                2.22%
Germany               186                2.18%
Italy                 174                2.04%
Malaysia              120                1.40%
Colombia              120                1.40%
Singapore             116                1.36%
Argentina             114                1.33%
Australia             109                1.28%

[Figure: Top Cyber Attackers by Country February 11-17 2019]

Threat Geo-location

[Figure: Cyber Security Threat Geolocations February 11-17 2019]

Top Attacking Hosts


HostOccurrences
188.168.154.4890
212.237.0.9973




Top Network Attackers

Origin AS   Announcement      Description
AS15774     188.168.0.0/16    Closed Joint Stock Company TransTeleCom
AS31034     212.237.0.0/18    Aruba Business S.R.L.

Exploit Event Types and Top Event NIDS

[Figure: Top Event NIDS and Exploits February 11-17 2019]

Top Alarms

Type of Alarm                                                                    No. of Occurrences
IDS Event                                                                        6670
Environmental Awareness - OTX Indicators of Compromise - PULSE                   283
Reconnaissance & Probing — Database Attack - Stored Procedure Access — Attack    182
Reconnaissance & Probing — Attack Tool detected — Attack                         92
Delivery & Attack — WebServer Attack — Attack                                    41
Reconnaissance & Probing — Attack Tool detected — SSH                            22
Delivery & Attack — Bruteforce Authentication — SSH                              8
Exploitation & Installation — WebServer Attack — XSS                             3
Environmental Awareness — Trojan infection — IDS Event                           2

CVE


ID: CVE-2018-8653
Title: Microsoft Scripting Engine Memory Corruption Vulnerability
Vendor: Microsoft
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, 10 and 11. This CVE ID is unique from CVE-2018-8643.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2018-11776
Title: Apache Struts 2 Namespace Remote Code Execution Vulnerability (S2-057)
Vendor: Apache Software Foundation
Description: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 are exposed to possible remote code execution when a result is used with no namespace while, at the same time, its upper action(s) have no namespace or a wildcard namespace. The same possibility exists when a url tag is used that has neither a value nor an action set while, at the same time, its upper action(s) have no namespace or a wildcard namespace.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2018-2628
Title: Oracle Weblogic Deserialization Remote Code Execution Vulnerability
Vendor: Oracle
Description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

ID: CVE-2018-8174
Title: Windows VBScript Engine Remote Code Execution Vulnerability
Vendor: Microsoft
Description: The VBScript engine contains a remote code execution vulnerability due to how it handles objects in memory. An attacker could execute arbitrary code in the context of the current user.
CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

ID: CVE-2019-5736
Title: runc Container Breakout
Vendor: Open Container Initiative
Description: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
This vulnerability is currently undergoing analysis.
Severity: High



Vulnerabilities


Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2019-02-15
securityfocus.com/bid/105108

Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability
2019-02-15
securityfocus.com/bid/107008

Google Chrome Prior to 71.0.3578.80 Multiple Security Vulnerabilities
2019-02-15
securityfocus.com/bid/106084

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2019-02-14
securityfocus.com/bid/92630

Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability
2019-02-14
securityfocus.com/bid/106804

Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
2019-02-14
securityfocus.com/bid/101560

ISC DHCP CVE-2018-5732 Remote Buffer Overflow Vulnerability
2019-02-14
securityfocus.com/bid/103187

ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability
2019-02-14
securityfocus.com/bid/102716

Linux Kernel CVE-2017-7895 Multiple Security Bypass Vulnerabilities
2019-02-14
securityfocus.com/bid/98085

oVirt Virtual Desktop Server Manager CVE-2019-3831 Local Privilege Escalation Vulnerability
2019-02-14
securityfocus.com/bid/107037

Mozilla Thunderbird CVE-2018-18509 Security Bypass Vulnerability
2019-02-14
securityfocus.com/bid/107034

Pangea Communications Internet FAX ATA ICSA-19-045-01 Authentication Bypass Vulnerability
2019-02-14
securityfocus.com/bid/107031

Multiple gpsd Products CVE-2018-17937 Stack-Based Buffer Overflow Vulnerability
2019-02-14
securityfocus.com/bid/107029

Symantec Norton Password Manager CVE-2018-18365 IP Address Spoofing Vulnerability
2019-02-14
securityfocus.com/bid/106953

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2019-02-13
securityfocus.com/bid/104976

OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2019-02-13
securityfocus.com/bid/103518

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2019-02-13
securityfocus.com/bid/104442

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2019-02-13
securityfocus.com/bid/103766

Apache CXF CVE-2018-8039 TLS Hostname Verification Security Bypass Vulnerability
2019-02-13
securityfocus.com/bid/106357

SAP Note Assistant XML External Entity Injection Vulnerability
2019-02-13
securityfocus.com/bid/99027

TIBCO Silver Fabric CVE-2018-12409 Cross Site Scripting Vulnerability
2019-02-13
securityfocus.com/bid/107024

Atlassian JIRA CVE-2018-20232 Cross Site Scripting Vulnerability
2019-02-13
securityfocus.com/bid/107023

[Figure: Top Cyber Security Alarms February 11-17 2019]