Trends
- The top attacker country was China with 2357 unique attackers (27.58%)
- The top Exploit event was SQL Injection with 77% of occurrences.
Top Attacker by Country
| Country | No. of Attackers | Occurrences |
|---|---|---|
| China | 2357 | 27.58% |
| United States | 1649 | 19.30% |
| Brazil | 589 | 6.89% |
| France | 551 | 6.45% |
| Russian Federation | 456 | 5.34% |
| India | 378 | 4.42% |
| Korea | 368 | 4.31% |
| United Kingdom | 235 | 2.75% |
| Canada | 217 | 2.54% |
| Indonesia | 209 | 2.45% |
| Vietnam | 206 | 2.41% |
| Taiwan | 202 | 2.36% |
| Netherlands | 190 | 2.22% |
| Germany | 186 | 2.18% |
| Italy | 174 | 2.04% |
| Malaysia | 120 | 1.40% |
| Colombia | 120 | 1.40% |
| Singapore | 116 | 1.36% |
| Argentina | 114 | 1.33% |
| Australia | 109 | 1.28% |
Threat Geo-location
Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 188.168.154.48 | 90 |
| 212.237.0.99 | 73 |
Top Network Attackers
| Origin AS | Announcement | Description |
|---|---|---|
| AS15774 | 188.168.0.0/16 | Closed Joint Stock Company TransTeleCom |
| AS31034 | 212.237.0.0/18 | Aruba Business S.R.L. |
Exploit Event Types and Top Event NIDS
Top Alarms
| Type of Alarm | No. of Occurrences |
|---|---|
| IDS Event | 6670 |
| Environmental Awareness - OTX Indicators of Compromise - PULSE | 283 |
| Reconnaissance & Probing — DatabaseAttack - Stored Procedure Access — Attack | 182 |
| Reconnaissance & Probing — Attack Tool detected — Attack | 92 |
| Delivery & Attack — WebServer Attack — Attack | 41 |
| Reconnaissance & Probing — Attack Tool detected — SSH | 22 |
| Delivery & Attack — Bruteforce Authentication — SSH | 8 |
| Exploitation & Installation — WebServer Attack — XSS | 3 |
| Environmental Awareness — Trojan infection — IDS Event | 2 |
CVE
ID: CVE-2018-8653
Title: Microsoft Scripting Engine Memory Corruption Vulnerability
Vendor: Microsoft
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ID: CVE-2018-11776
Title: Apache Struts 2 Namespace Remote Code Execution Vulnerability (S2-057)
Vendor: Apache Software Foundation
Description: Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ID: CVE-2018-2628
Title: Oracle Weblogic Deserialization Remote Code Execution Vulnerability
Vendor: Oracle
Description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
ID: CVE-2018-8174
Title: Windows VBScript Engine Remote Code Execution Vulnerability
Vendor: Microsoft
Description: The VBScript engine contains a remote code execution vulnerability due to how it handles objects in memory. An attacker could execute arbitrary code in the context of the current user.
CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
ID : CVE-2019-5736
Title: runc Container Breakout
Vendor: Open Container Initiative
Description: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
This vulnerability is currently undergoing analysis.
Severity : High
Vulnerabilities
Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
2019-02-15
securityfocus.com/bid/105108
Mozilla Firefox and Firefox ESR CVE-2019-5785 Integer Overflow Vulnerability
2019-02-15
securityfocus.com/bid/107008
Google Chrome Prior to 71.0.3578.80 Multiple Security Vulnerabilities
2019-02-15
securityfocus.com/bid/106084
SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability
2019-02-14
securityfocus.com/bid/92630
Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability
2019-02-14
securityfocus.com/bid/106804
Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
2019-02-14
securityfocus.com/bid/101560
ISC DHCP CVE-2018-5732 Remote Buffer Overflow Vulnerability
2019-02-14
securityfocus.com/bid/103187
ISC BIND CVE-2017-3145 Remote Denial of Service Vulnerability
2019-02-14
securityfocus.com/bid/102716
Linux Kernel CVE-2017-7895 Multiple Security Bypass Vulnerabilities
2019-02-14
securityfocus.com/bid/98085
oVirt Virtual Desktop Server Manager CVE-2019-3831 Local Privilege Escalation Vulnerability
2019-02-14
securityfocus.com/bid/107037
Mozilla Thunderbird CVE-2018-18509 Security Bypass Vulnerability
2019-02-14
securityfocus.com/bid/107034
Pangea Communications Internet FAX ATA ICSA-19-045-01 Authentication Bypass Vulnerability
2019-02-14
securityfocus.com/bid/107031
Multiple gpsd Products CVE-2018-17937 Stack-Based Buffer Overflow Vulnerability
2019-02-14
securityfocus.com/bid/107029
Symantec Norton Password Manager CVE-2018-18365 IP Address Spoofing Vulnerability
2019-02-14
securityfocus.com/bid/106953
Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2019-02-13
securityfocus.com/bid/104976
OpenSSL CVE-2018-0739 Denial of Service Vulnerability
2019-02-13
securityfocus.com/bid/103518
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2019-02-13
securityfocus.com/bid/104442
OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2019-02-13
securityfocus.com/bid/103766
Apache CXF CVE-2018-8039 TLS Hostname Verification Security Bypass Vulnerability
2019-02-13
securityfocus.com/bid/106357
SAP Note Assistant XML External Entity Injection Vulnerability
2019-02-13
securityfocus.com/bid/99027
TIBCO Silver Fabric CVE-2018-12409 Cross Site Scripting Vulnerability
2019-02-13
securityfocus.com/bid/107024
Atlassian JIRA CVE-2018-20232 Cross Site Scripting Vulnerability
2019-02-13
securityfocus.com/bid/107023
