Trends
- The top attacker country was the United States with 918 unique attackers (23%)
- The top Exploit event was Miscellaneous with 44% of occurrences
Top Attacker by Country
Country | Occurrences | Percentage |
---|---|---|
United States | 918 | 23.00% |
China | 898 | 22.50% |
Vietnam | 281 | 7.04% |
Russian Federation | 254 | 6.36% |
Brazil | 209 | 5.24% |
India | 166 | 4.16% |
Egypt | 152 | 3.81% |
France | 143 | 3.58% |
Germany | 135 | 3.38% |
Republic of Korea | 131 | 3.28% |
Netherlands | 105 | 2.63% |
United Kingdom | 95 | 2.38% |
Canada | 89 | 2.23% |
Taiwan | 85 | 2.13% |
Indonesia | 81 | 2.03% |
Thailand | 79 | 1.98% |
Hong Kong | 65 | 1.63% |
Mexico | 54 | 1.35% |
Italy | 51 | 1.28% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
71.6.146.185 | 22 |
71.6.146.186 | 16 |
185.94.111.1 | 16 |
74.82.47.5 | 14 |
Top Network Attackers
Origin AS | Announcement | Description |
---|---|---|
AS10439 | 71.6.128.0/17 | CariNet, Inc |
AS197068 | 185.94.108.0/22 | HLL LLC |
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences |
---|---|
Automated Actionable Intelligence IOC's | 199 |
Trojan Infection - IDS Event | 87 |
Network Discovery - IDS Event | 13 |
Bruteforce Authentication | 11 |
Comparison from last week
Type of Alarm | Occurrences |
---|---|
Database Attack - Stored Procedure Access - Attack | 2698 |
Web Server Attack - Attack | 1032 |
Network Discovery - IDS Event | 306 |
Automated Actionable Intelligence IOC's | 175 |
Trojan Infection - IDS Event | 163 |
Attack Tool Detected - Attack | 84 |
Bruteforce Authentication - SSH | 38 |
WebServer Attack - XSS | 1 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2019-12570
Description: A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.
Vendor: Xpertsol
Publish Date: 2019-07-03 Last Update Date: 2019-07-05
CVSS Score: 6.5
ID: CVE-2019-10137
Description: A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
Vendor: RedHat
Publish Date: 2019-07-02 Last Update Date: 2019-07-07
CVSS Score: 7.5
ID: CVE-2019-7670
Description: Prima Systems FlexAir devices allow Authenticated Command Injection resulting in Root Remote Code Execution.
Vendor: Prima Systems
Publish Date: 2019-07-01 Last Update Date: 2019-07-03
CVSS Score: 9.0
ID: CVE-2019-5630
Description: A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.
Vendor: Rapid7
Publish Date: 2019-07-03 Last Update Date: 2019-07-05
CVSS Score: 6.8
ID: CVE-2019-4087
Description: IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510.
Publish Date: 2019-07-02 Last Update Date: 2019-07-03
CVSS Score: 10.0
Vulnerabilities
Red Hat Undertow CVE-2019-3888 Information Disclosure Vulnerability
2019-07-05
securityfocus.com/bid/108739
Linux Kernel CVE-2019-11478 Denial of Service Vulnerability
2019-07-04
securityfocus.com/bid/108798
Cisco Advanced Malware Protection CVE-2019-1932 Local Command Injection Vulnerability
2019-07-03
securityfocus.com/bid/109050
Cisco Web Security Appliance CVE-2019-1886 Remote Denial of Service Vulnerability
2019-07-03
securityfocus.com/bid/109049
Cisco Firepower Management Center RSS Multiple Cross Site Scripting Vulnerabilities
2019-07-03
securityfocus.com/bid/109047
Cisco Email Security Appliance CVE-2019-1921 Remote Security Bypass Vulnerability
2019-07-03
securityfocus.com/bid/109044
Cisco IOS XR Software CVE-2019-1909 Denial of Service Vulnerability
2019-07-03
securityfocus.com/bid/109043
Cisco Enterprise NFV Infrastructure Software CVE-2019-1894 Arbitrary File Overwrite Vulnerability
2019-07-03
securityfocus.com/bid/109037
Cisco Enterprise NFV Infrastructure Software CVE-2019-1893 Local Command Injection Vulnerability
2019-07-03
securityfocus.com/bid/109036