Trends
- The top attacker country was United States with 1172 unique attackers (24%).
- The top Exploit event was SSH Attack Tool with 97% of occurrences.
- The top Trojan C&C server detected was TrickBot with 24 instances detected.
Top Attacker by Country
Country | Occurrences | Percentage
United States | 1172 | 23.51%
China | 1002 | 20.10%
Vietnam | 362 | 7.26%
Brazil | 266 | 5.33%
Republic of Korea | 254 | 5.09%
Russian Federation | 248 | 4.97%
India | 236 | 4.73%
France | 224 | 4.49%
Egypt | 196 | 3.93%
Germany | 169 | 3.39%
United Kingdom | 129 | 2.59%
Indonesia | 124 | 2.49%
Thailand | 111 | 2.23%
Canada | 110 | 2.21%
Taiwan | 97 | 1.95%
Netherlands | 84 | 1.68%
Singapore | 71 | 1.42%
Hong Kong | 66 | 1.32%
Greece | 65 | 1.30%
Threat Geo-location
Top Attacking Hosts
Host | Occurrences
121.212.253.135 | 133
218.91.1.131 | 133
112.85.42.194 | 128
112.85.42.238 | 89
218.92.0.210 | 79
49.88.112.71 | 40
114.67.227.157 | 32
218.92.0.167 | 31
Top Network Attackers
Origin AS | Announcement | Description
AS1221 | 121.208.0.0/12 | Telstra Internet
AS4134 | 218.91.0.0/16 | CHINANET Jiangsu province
AS4837 | 112.80.0.0/13 | China Unicom Jiangsu province
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences
Bruteforce Authentication | 2637
Network Discovery | 14
Network Anomaly | 2
Comparison from last week
Type of Alarm | Occurrences
Attack Tool SSH | 2563
Network Anomaly | 263
Network Discovery | 141
Bruteforce Authentication | 58
Remote Access Trojan C&C Servers Found
Name | Number Discovered | Location
Trickbot | 24 | 178.157.82.177, 178.157.82.60, 185.135.81.95, 185.141.25.116, 185.186.77.248, 185.205.210.58, 185.206.145.100, 185.206.146.178, 85.61.148.203, 185.61.148.65, 185.65.202.102, 185.98.87.113, 192.243.103.153, 92.3.83.168, 193.37.212.249, 194.32.77.81, 23.94.137.10, 37.44.212.120, 45.15.253.61, 5.196.195.6, 51.254.69.233, 80.87.199.224, 85.143.218.104, 92.119.114.186
LokiBot | 13 | 192.185.73.57, 104.27.135.106, 185.55.227.119, 109.94.209.52, 164.160.91.21, 89.108.103.19, 185.80.129.141, 91.211.244.226, 85.187.128.8, 45.64.104.39, 51.15.169.58, 185.246.67.156, 185.55.227.119
CometBot | 1 | 185.130.125.114
AzorUlt | 3 | 103.229.72.62, 51.91.19.20, 91.211.244.226
Anubis | 2 | 185.8.177.138, 185.80.129.141
KPOT | 2 | 91.211.244.226
Predator | 2 | 185.80.129.141, 190.97.167.143
Pony | 1 | 5.45.66.235
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2019-13962
Title: VideoLAN VLC Heap Based Buffer Overflow Vulnerability
Description: VideoLAN VLC is exposed to a heap-based buffer overflow vulnerability. lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player has a heap-based buffer over-read because it does not properly validate the width and height. Attackers can exploit this issue to cause a denial of service condition, denying service to legitimate users.
Vendor: VideoLAN
Publish Date: 2019-18-07 Last Update Date: 2019-23-07
CVSS Score 7.5
ID: CVE-2019-1579
Title: Palo Alto Networks PAN-OS Multiple Remote Code Execution Vulnerabilities
Description: Palo Alto Networks PAN-OS is exposed to multiple remote code execution vulnerabilities. Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. Successfully exploiting these issues may result in the execution of arbitrary code in the context of the affected application.
Vendor: Palo Alto Networks
Publish Date: 2019-19-07 Last Update Date: 2019-25-07
CVSS Score 6.8
ID: CVE-2019-0211
Title: Apache HTTP Server Local Privilege Escalation Vulnerability
Description: Apache HTTP Server is exposed to a local privilege escalation vulnerability. In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. An attacker can exploit this issue to gain elevated privileges on the affected application.
Vendor: Apache
Publish Date: 2019-08-04 Last Update Date: 2019-11-06
CVSS Score 7.2
ID: CVE-2019-2725
Title: Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability
Description: Oracle WebLogic Server is exposed to a remote command execution vulnerability. Attackers can exploit this issue to execute an arbitrary command within the context of a user running the affected application. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Vendor: Oracle
Publish Date: 2019-26-04 Last Update Date: 2019-05-07
CVSS Score 7.5
ID: CVE-2017-14735
Title: OWASP AntiSamy Cross Site Scripting Vulnerability
Description: OWASP AntiSamy is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Vendor: Apache
Publish Date: 2017-25-09 Last Update Date: 2019-16-01
CVSS Score 4.3
ID: CVE-2019-13345
Title: Squid Multiple Cross Site Scripting Vulnerabilities
Description: Squid is exposed to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Vendor: Squid
Publish Date: 2019-05-07 Last Update Date: 2019-15-07
CVSS Score 4.3
ID: CVE-2019-1010142
Title: Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability
Description: Scapy is exposed to a remote denial of service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Vendor: Scapy
CVSS Score 5.0
Vulnerabilities
KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
2019-07-25
securityfocus.com/bid/98412
FreeBSD CVE-2019-5604 Out of Bounds Read Denial of Service Vulnerability
2019-07-25
securityfocus.com/bid/109369
Exim CVE-2019-13917 Privilege Escalation Vulnerability
2019-07-24
securityfocus.com/bid/109338
Libdwarf CVE-2019-14249 Remote Denial Of Service Vulnerability
2019-07-24
securityfocus.com/bid/109380
McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
2019-07-24
securityfocus.com/bid/109377
Drupal SA-CONTRIB-2019-059 Access Bypass Vulnerability
2019-07-24
securityfocus.com/bid/109372
Drupal Existing Values Autocomplete Widget Module Access Bypass Vulnerability
2019-07-24
securityfocus.com/bid/109371
GNU GDB CVE-2019-1010180 Remote Buffer Overflow Vulnerability
2019-07-24
securityfocus.com/bid/109367
FreeBSD CVE-2019-5607 Local Privilege Escalation Vulnerability
2019-07-24
securityfocus.com/bid/109366
Micro Focus ArcSight Logger CVE-2019-3485 HTML Injection Vulnerability
2019-07-24
securityfocus.com/bid/109363
Ansible CVE-2019-10206 Remote Information Disclosure Vulnerability
2019-07-24
securityfocus.com/bid/109361
GNU Binutils 'libiberty' CVE-2019-14250 Integer Overflow Vulnerability
2019-07-24
securityfocus.com/bid/109354
Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability
2019-07-23
securityfocus.com/bid/106674
FFmpeg CVE-2019-12730 Security Bypass Vulnerability
2019-07-23
securityfocus.com/bid/109317
McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
2019-07-23
securityfocus.com/bid/109370
HAProxy CVE-2019-14241 Remote Denial of Service Vulnerability
2019-07-23
securityfocus.com/bid/109352
D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities
2019-07-23
securityfocus.com/bid/109351
Mitsubishi Electric FR Configurator2 ICSA-19-204-01 Multiple Security Vulnerabilities
2019-07-23
securityfocus.com/bid/109350
National Renewable Energy Laboratory EnergyPlus Local Stack Based Buffer Overflow Vulnerability
2019-07-23
securityfocus.com/bid/109349
Poppler CVE-2019-9959 Integer Overflow Vulnerability
2019-07-23
securityfocus.com/bid/109342
FortiOS IPS engine CVE-2019-5592 Man in the Middle Information Disclosure Vulnerability
2019-07-23
securityfocus.com/bid/109337
Linux Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability
2019-07-22
securityfocus.com/bid/108410
Apple iOS and watchOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109343
Apple watchOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109340
Microsoft Windows 'OleCreateFontIndirectExt' Out of Bounds Read Information Disclosure Vulnerability
2019-07-22
securityfocus.com/bid/109335
Apple iOS and tvOS CVE-2019-8698 Security Bypass Vulnerability
2019-07-22
securityfocus.com/bid/109334
Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109332
Apple iOS/watchOS/tvOS CVE-2019-8647 Use After Free Remote Code Execution Vulnerability
2019-07-22
securityfocus.com/bid/109330
WebKit Multiple Security Vulnerabilities
2019-07-22
securityfocus.com/bid/109329
WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities
2019-07-22
securityfocus.com/bid/109328
Apple Safari and macOS CVE-2019-8670 Address Bar Spoofing Vulnerability
2019-07-22
securityfocus.com/bid/109327
Apple iOS CVE-2019-8699 Security Bypass Vulnerability
2019-07-22
securityfocus.com/bid/109325
Apple macOS and iOS CVE-2019-8663 Information Disclosure Vulnerability
2019-07-22
securityfocus.com/bid/109324