Threat Intelligence Report

Trends

  • The top attacker country was the United States with 1172 unique attackers (24%).
  • The top Exploit event was SSH Attack Tool, accounting for 97% of occurrences.
  • The top Trojan C&C server family detected was TrickBot, with 24 instances.


Top Attacker by Country

Country               Occurrences   Percentage
United States         1172          23.51%
China                 1002          20.10%
Vietnam               362           7.26%
Brazil                266           5.33%
Republic of Korea     254           5.09%
Russian Federation    248           4.97%
India                 236           4.73%
France                224           4.49%
Egypt                 196           3.93%
Germany               169           3.39%
United Kingdom        129           2.59%
Indonesia             124           2.49%
Thailand              111           2.23%
Canada                110           2.21%
Taiwan                97            1.95%
Netherlands           84            1.68%
Singapore             71            1.42%
Hong Kong             66            1.32%
Greece                65            1.30%


Top Cyber Attackers by Country July 22-28 2019


Threat Geo-location



Top Attacking Hosts

Host               Occurrences
121.212.253.135    133
218.91.1.131       133
112.85.42.194      128
112.85.42.238      89
218.92.0.210       79
49.88.112.71       40
114.67.227.157     32
218.92.0.167       31



Top Network Attackers

Origin AS   Announcement      Description
AS1221      121.208.0.0/12    Telstra Internet
AS4134      218.91.0.0/16     CHINANET Jiangsu province
AS4837      112.80.0.0/13     China Unicom Jiangsu province


Top Event NIDS and Exploits



Top Alarms


Type of Alarm               Occurrences
Bruteforce Authentication   2637
Network Discovery           14
Network Anomaly             2


Comparison from last week

Type of Alarm               Occurrences
Attack Tool SSH             2563
Network Anomaly             263
Network Discovery           141
Bruteforce Authentication   58



Remote Access Trojan C&C Servers Found

Name       Number Discovered   Location
Trickbot   24                  178.157.82.177, 178.157.82.60, 185.135.81.95, 185.141.25.116, 185.186.77.248, 185.205.210.58, 185.206.145.100, 185.206.146.178, 85.61.148.203, 185.61.148.65, 185.65.202.102, 185.98.87.113, 192.243.103.153, 92.3.83.168, 193.37.212.249, 194.32.77.81, 23.94.137.10, 37.44.212.120, 45.15.253.61, 5.196.195.6, 51.254.69.233, 80.87.199.224, 85.143.218.104, 92.119.114.186
LokiBot    13                  192.185.73.57, 104.27.135.106, 185.55.227.119, 109.94.209.52, 164.160.91.21, 89.108.103.19, 185.80.129.141, 91.211.244.226, 85.187.128.8, 45.64.104.39, 51.15.169.58, 185.246.67.156, 185.55.227.119
CometBot   1                   185.130.125.114
AzorUlt    3                   103.229.72.62, 51.91.19.20, 91.211.244.226
Anubis     2                   185.8.177.138, 185.80.129.141
KPOT       2                   91.211.244.226
Predator   2                   185.80.129.141, 190.97.167.143
Pony       1                   5.45.66.235



CVE

This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-13962
Title: VideoLAN VLC Heap Based Buffer Overflow Vulnerability
Description: VideoLAN VLC is exposed to a heap-based buffer overflow vulnerability. lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player has a heap-based buffer over-read because it does not properly validate the width and height. Attackers can exploit this issue to cause a denial of service condition, denying service to legitimate users.
Vendor: VideoLAN
Publish Date: 2019-07-18    Last Update Date: 2019-07-23
CVSS Score: 7.5

ID: CVE-2019-1579
Title: Palo Alto Networks PAN-OS Multiple Remote Code Execution Vulnerabilities
Description: Palo Alto Networks PAN-OS is exposed to multiple remote code execution vulnerabilities. Remote code execution in PAN-OS with the GlobalProtect Portal or GlobalProtect Gateway interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. Successfully exploiting these issues may result in the execution of arbitrary code in the context of the affected application.
Vendor: Palo Alto Networks
Publish Date: 2019-07-19    Last Update Date: 2019-07-25
CVSS Score: 6.8

ID: CVE-2019-0211
Title: Apache HTTP Server Local Privilege Escalation Vulnerability
Description: Apache HTTP Server is exposed to a local privilege escalation vulnerability. In Apache HTTP Server with the MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. An attacker can exploit this issue to gain elevated privileges on the affected application.
Vendor: Apache
Publish Date: 2019-04-08    Last Update Date: 2019-06-11
CVSS Score: 7.2

ID: CVE-2019-2725
Title: Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability
Description: Oracle WebLogic Server is exposed to a remote command execution vulnerability. Attackers can exploit this issue to execute an arbitrary command within the context of the user running the affected application. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks on this vulnerability can result in takeover of Oracle WebLogic Server.
Vendor: Oracle
Publish Date: 2019-04-26    Last Update Date: 2019-07-05
CVSS Score: 7.5

ID: CVE-2017-14735
Title: OWASP AntiSamy Cross Site Scripting Vulnerability
Description: OWASP AntiSamy is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Vendor: Apache
Publish Date: 2017-09-25    Last Update Date: 2019-01-16
CVSS Score: 4.3

ID: CVE-2019-13345
Title: Squid Multiple Cross Site Scripting Vulnerabilities
Description: Squid is exposed to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Vendor: Squid
Publish Date: 2019-07-05    Last Update Date: 2019-07-15
CVSS Score: 4.3

ID: CVE-2019-1010142
Title: Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability
Description: Scapy is exposed to a remote denial of service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Vendor: Scapy
CVSS Score: 5.0


Vulnerabilities

KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
2019-07-25
securityfocus.com/bid/98412

FreeBSD CVE-2019-5604 Out of Bounds Read Denial of Service Vulnerability
2019-07-25
securityfocus.com/bid/109369

Exim CVE-2019-13917 Privilege Escalation Vulnerability
2019-07-24
securityfocus.com/bid/109338

Libdwarf CVE-2019-14249 Remote Denial Of Service Vulnerability
2019-07-24
securityfocus.com/bid/109380

McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
2019-07-24
securityfocus.com/bid/109377

Drupal SA-CONTRIB-2019-059 Access Bypass Vulnerability
2019-07-24
securityfocus.com/bid/109372

Drupal Existing Values Autocomplete Widget Module Access Bypass Vulnerability
2019-07-24
securityfocus.com/bid/109371

GNU GDB CVE-2019-1010180 Remote Buffer Overflow Vulnerability
2019-07-24
securityfocus.com/bid/109367

FreeBSD CVE-2019-5607 Local Privilege Escalation Vulnerability
2019-07-24
securityfocus.com/bid/109366

Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability
2019-07-24
securityfocus.com/bid/109363

Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability
2019-07-24
securityfocus.com/bid/109361

GNU Binutils 'libiberty' CVE-2019-14250 Integer Overflow Vulnerability
2019-07-24
securityfocus.com/bid/109354

Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability
2019-07-23
securityfocus.com/bid/106674

FFmpeg CVE-2019-12730 Security Bypass Vulnerability
2019-07-23
securityfocus.com/bid/109317

McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
2019-07-23
securityfocus.com/bid/109370

HAProxy CVE-2019-14241 Remote Denial of Service Vulnerability
2019-07-23
securityfocus.com/bid/109352

D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities
2019-07-23
securityfocus.com/bid/109351

Mitsubishi Electric FR Configurator2 ICSA-19-204-01 Multiple Security Vulnerabilities
2019-07-23
securityfocus.com/bid/109350

National Renewable Energy Laboratory EnergyPlus Local Stack Based Buffer Overflow Vulnerability
2019-07-23
securityfocus.com/bid/109349

Poppler CVE-2019-9959 Integer Overflow Vulnerability
2019-07-23
securityfocus.com/bid/109342

FortiOS IPS engine CVE-2019-5592 Man in the Middle Information Disclosure Vulnerability
2019-07-23
securityfocus.com/bid/109337

Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability
2019-07-22
securityfocus.com/bid/108410

Apple iOS and watchOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109343

Apple watchOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109340

Microsoft Windows 'OleCreateFontIndirectExt' Out of Bounds Read Information Disclosure Vulnerability
2019-07-22
securityfocus.com/bid/109335

Apple iOS and tvOS CVE-2019-8698 Security Bypass Vulnerability
2019-07-22
securityfocus.com/bid/109334

Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109332

Apple iOS/watchOS/tvOS CVE-2019-8647 Use After Free Remote Code Execution Vulnerability
2019-07-22
securityfocus.com/bid/109330

WebKit Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109329

WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities
2019-07-22
securityfocus.com/bid/109328

Apple Safari and macOS CVE-2019-8670 Address Bar Spoofing Vulnerability
2019-07-22
securityfocus.com/bid/109327

Apple iOS CVE-2019-8699 Security Bypass Vulnerability
2019-07-22
securityfocus.com/bid/109325

Apple macOS and iOS CVE-2019-8663 Information Disclosure Vulnerability
2019-07-22
securityfocus.com/bid/109324

Cyber Security Threat Geolocations July 22-28 2019