threat-intelligence-report

Trends


  • The top attacker country was China with 1048 unique attackers (23.45%)
  • The top Exploit event was Cross Site Scripting with 67% of occurrences



Top Attacker by Country


Country              Occurrences  Percentage
China                1048         23.45%
United States        995          22.26%
Russian Federation   277          6.20%
Vietnam              272          6.09%
Brazil               224          5.01%
France               217          4.86%
India                196          4.39%
Republic of Korea    166          3.71%
Taiwan               145          3.24%
United Kingdom       129          2.89%
Egypt                124          2.77%
Germany              105          2.35%
Netherlands          101          2.26%
Canada               99           2.22%
Indonesia            89           1.99%
Hong Kong            79           1.77%
Italy                74           1.66%
Thailand             65           1.45%
Singapore            64           1.43%


[Figure: Top Cyber Attackers by Country June 2019]



Threat Geo-location


[Figure: Cyber Security Threat Geolocations June 2019]



Top Attacking Hosts






Top Network Attackers


Origin AS   Announcement       Description
AS4134      218.92.0.0/16      Chinanet Jiangsu province network
AS45996     27.102.0.0/16      DAOU TECHNOLOGY
AS4750      27.254.0.0/16      CS Loxinfo Public Company Limited
AS4837      58.242.0.0/15      China Unicom AnHui province network
AS55470     49.50.64.0/18      Cyber Futuristics India Pvt Ltd
AS137342    103.219.112.0/24   BPTI PEMKOT TANGERANG SELATAN
AS4618      203.150.0.0/16     Asia Pacific Network Information Centre
AS43513     188.92.72.0/21     Sia Nano IT




Top Event NIDS and Exploits


[Figure: Top Event NIDS and Exploits June 17-23 2019]



Top Alarms


Type of Alarm                             Occurrences
Automated Actionable Intelligence IOC's   140
Bruteforce Authentication - SSH           76
Network Discovery - IDS Event             5

Comparison from last week

Type of Alarm                             Occurrences
Automated Actionable Intelligence IOC's   157
Trojan infection - IDS Event              117
Network Discovery - IDS Event             24
Bruteforce Authentication - SSH           8
WebServer Attack - XSS                    1




CVE


This is a list of recent vulnerabilities for which exploits are available.

CVE-2019-12840
Title:    Webmin Arbitrary Command Injection Vulnerability
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Vendor: Webmin
CVSS v2 Base Score:    9.0 (AV:N/AC:M/Au:N/C:C/I:C/A:P)

CVE-2019-12766
Title:    Joomla! Core Cross Site Scripting Vulnerability
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. 
Vendor: Joomla
CVSS v2 Base Score:    4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-2019-9701
Title:    Symantec DLP Cross Site Scripting Vulnerability
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass ac
Vendor: Symantec
CVSS v2 Base Score:    5.2 (AV:A/AC:L/Au:S/C:P/I:P/A:P)

CVE-2019-5590
Title:    Fortinet Fortiweb Cross Site Scripting Vulnerability
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML format.
Vendor: Fortinet
CVSS v2 Base Score:    9.0 (AV:N/AC:M/Au:N/C:C/I:C/A:P)

CVE-2019-2729
Title:    Oracle WebLogic Deserialization Remote Code Execution Vulnerability
This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Vendor: Oracle
CVSS v2 Base Score:    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2019-1053
Title:    Microsoft Windows Shell Local Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.
Vendor: Microsoft
CVSS v2 Base Score:    4.3 (AV:L/AC:L/Au:S/C:P/I:P/A:P)



Vulnerabilities


Microsoft Internet Explorer CVE-2019-0995 Security Bypass Vulnerability
2019-06-21
securityfocus.com/bid/108310

Mozilla Firefox and Firefox ESR CVE-2019-11708 Security Bypass Vulnerability
2019-06-21
securityfocus.com/bid/108835

Mozilla Firefox and Firefox ESR CVE-2019-11707 Denial of Service Vulnerability
2019-06-21
securityfocus.com/bid/108810

[Figure: Top Attacker Hosts June 17-23 2019]