Trends
- The top attacker country was China with 1048 unique attackers (23.45%)
- The top exploit event was Cross Site Scripting with 67% of occurrences
Top Attacker by Country
Country | Occurrences | Percentage |
---|---|---|
China | 1048 | 23.45% |
United States | 995 | 22.26% |
Russian Federation | 277 | 6.20% |
Vietnam | 272 | 6.09% |
Brazil | 224 | 5.01% |
France | 217 | 4.86% |
India | 196 | 4.39% |
Republic of Korea | 166 | 3.71% |
Taiwan | 145 | 3.24% |
United Kingdom | 129 | 2.89% |
Egypt | 124 | 2.77% |
Germany | 105 | 2.35% |
Netherlands | 101 | 2.26% |
Canada | 99 | 2.22% |
Indonesia | 89 | 1.99% |
Hong Kong | 79 | 1.77% |
Italy | 74 | 1.66% |
Thailand | 65 | 1.45% |
Singapore | 64 | 1.43% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
218.92.0.208 | 14 |
27.102.183.21 | 12 |
27.254.48.182 | 12 |
58.242.83.37 | 8 |
49.50.69.85 | 7 |
103.219.112.1 | 4 |
58.242.83.36 | 4 |
203.150.77.125 | 1 |
188.92.77.235 | 1 |
Top Network Attackers
Origin AS | Announcement | Description |
---|---|---|
AS4134 | 218.92.0.0/16 | Chinanet Jiangsu province network |
AS45996 | 27.102.0.0/16 | DAOU TECHNOLOGY |
AS4750 | 27.254.0.0/16 | CS Loxinfo Public Company Limited |
AS4837 | 58.242.0.0/15 | China Unicom AnHui province network |
AS55470 | 49.50.64.0/18 | Cyber Futuristics India Pvt Ltd |
AS137342 | 103.219.112.0/24 | BPTI PEMKOT TANGERANG SELATAN |
AS4618 | 203.150.0.0/16 | Asia Pacific Network Information Centre |
AS43513 | 188.92.72.0/21 | Sia Nano IT |
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences |
---|---|
Automated Actionable Intelligence IOC's | 140 |
Bruteforce Authentication - SSH | 76 |
Network Discovery - IDS Event | 5 |
Comparison from last week
Type of Alarm | Occurrences |
---|---|
Automated Actionable Intelligence IOC's | 157 |
Trojan infection - IDS Event | 117 |
Network Discovery - IDS Event | 24 |
Bruteforce Authentication - SSH | 8 |
WebServer Attack - XSS | 1 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
CVE-2019-12840
Title: Webmin Arbitrary Command Injection Vulnerability
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Vendor: Webmin
CVSS v2 Base Score: 9.0 (AV:N/AC:M/Au:N/C:C/I:C/A:P)
CVE-2019-12766
Title: Joomla! Core Cross Site Scripting Vulnerability
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
Vendor: Joomla
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-2019-9701
Title: Symantec DLP Cross Site Scripting Vulnerability
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass ac
Vendor: Symantec
CVSS v2 Base Score: 5.2 (AV:A/AC:L/Au:S/C:P/I:P/A:P)
CVE-2019-5590
Title: Fortinet Fortiweb Cross Site Scripting Vulnerability
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML format.
Vendor: Fortinet
CVSS v2 Base Score: 9.0 (AV:N/AC:M/Au:N/C:C/I:C/A:P)
CVE-2019-2729
Title: Oracle WebLogic Deserialization Remote Code Execution Vulnerability
This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Vendor: Oracle
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2019-1053
Title: Microsoft Windows Shell Local Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.
Vendor: Microsoft
CVSS v2 Base Score: 4.3 (AV:L/AC:L/Au:S/C:P/I:P/A:P)
Vulnerabilities
Microsoft Internet Explorer CVE-2019-0995 Security Bypass Vulnerability
2019-06-21
securityfocus.com/bid/108310
Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass Vulnerability
2019-06-21
securityfocus.com/bid/108835
Mozilla Firefox and Firefox ESR CVE-2019-11707 Denial of Service Vulnerability
2019-06-21
securityfocus.com/bid/108810