Trends
- The top attacker country was the United States with 1122 unique attackers (23.82%)
- The top Exploit event was Cross Site Scripting with 64% of occurrences
Top Attacker by Country
Country | Occurrences | Percentage |
---|---|---|
United States | 1122 | 23.82% |
China | 1026 | 21.78% |
Russian Federation | 312 | 6.62% |
Vietnam | 305 | 6.48% |
Brazil | 260 | 5.52% |
India | 188 | 3.99% |
France | 185 | 3.93% |
Republic of Korea | 169 | 3.59% |
Egypt | 145 | 3.08% |
Taiwan | 136 | 2.89% |
Germany | 131 | 2.78% |
Netherlands | 118 | 2.51% |
United Kingdom | 110 | 2.34% |
Canada | 102 | 2.17% |
Australia | 97 | 2.06% |
Indonesia | 81 | 1.72% |
Hong Kong | 80 | 1.70% |
Italy | 74 | 1.57% |
Thailand | 69 | 1.46% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
181.51.60.172 | 18 |
143.95.97.1 | 16 |
188.92.75.248 | 16 |
218.92.0.131 | 16 |
218.92.0.204 | 15 |
218.92.0.187 | 15 |
Top Network Attackers
Origin AS | Announcement | Description |
---|---|---|
AS14080 | 181.48.0.0/13 | Telmex Colombia S.A. |
AS62729 | 143.95.96.0/19 | Athenix INC |
AS43513 | 188.92.72.0/21 | Sia Nano IT |
AS4134 | 219.92.0.0/17 | CHINANET Jiangsu Province Network |
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences |
---|---|
Database Attack - Stored Procedure Access - Attack | 2698 |
Web Server Attack - Attack | 1032 |
Network Discovery - IDS Event | 306 |
Automated Actionable Intelligence IOC's | 175 |
Trojan Infection - IDS Event | 163 |
Attack Tool Detected - Attack | 84 |
Bruteforce Authentication - SSH | 38 |
WebServer Attack - XSS | 1 |
Comparison from last week
Type of Alarm | Occurrences |
---|---|
Automated Actionable Intelligence IOC's | 140 |
Bruteforce Authentication - SSH | 76 |
Network Discovery - IDS Event | 5 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID: CVE-2019-12874
Title: VideoLAN VLC Remote Code Execution Vulnerability
Vendor: VideoLAN
Description: VideoLAN VLC Media Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
ID: CVE-2019-1875
Title: Cisco Prime Service Catalog Cross Site Scripting Vulnerability
Vendor: Cisco
Description: A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by adding specific strings to multiple configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.
CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
ID: CVE-2019-12280
Title: PC-Doctor for Windows DLL Loading Arbitrary Code Execution Vulnerability
Vendor: PC-Doctor
Description: PC-Doctor for Windows is exposed to an arbitrary code execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application.
CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
ID: CVE-2019-1874
Title: Cisco Prime Service Catalog Cross Site Request Forgery Vulnerability
Vendor: Cisco
Description: Cisco Prime Service Catalog is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvp02883.
CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
ID: CVE-2019-9701
Title: Symantec DLP Cross Site Scripting Vulnerability
Vendor: Symantec
Description: Symantec DLP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
ID: CVE-2019-12817
Title: Linux kernel Local Privilege Escalation Vulnerability
Vendor: Linux
Description: The Linux kernel is prone to a local privilege escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges.
CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
ID: CVE-2019-2729
Title: Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability
Vendor: Oracle
Description: Oracle WebLogic Server is exposed to a remote code execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the affected system. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks can result in takeover of Oracle WebLogic Server.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerabilities
Title | Date | Reference |
---|---|---|
Linux kernel CVE-2019-12817 Local Privilege Escalation Vulnerability | 2019-06-27 | securityfocus.com/bid/108884 |
Advantech WebAccess/SCADA ICSA-19-178-05 Multiple Security Vulnerabilities | 2019-06-27 | securityfocus.com/bid/108923 |
ImageMagick Multiple Security Vulnerabilities | 2019-06-26 | securityfocus.com/bid/108913 |
Cisco Data Center Network Manager CVE-2019-1620 Multiple Security Vulnerabilities | 2019-06-26 | securityfocus.com/bid/108906 |
Linux Kernel CVE-2019-12984 Null Pointer Dereference Remote Denial of Service Vulnerability | 2019-06-26 | securityfocus.com/bid/108905 |
Atlassian JIRA CVE-2019-11583 Denial of Service Vulnerability | 2019-06-26 | securityfocus.com/bid/108901 |
Multiple Cisco Products CVE-2019-1845 Denial of Service Vulnerability | 2019-06-25 | securityfocus.com/bid/108615 |
Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability | 2019-06-25 | securityfocus.com/bid/108866 |
Nessus CVE-2019-3961 Cross Site Scripting Vulnerability | 2019-06-25 | securityfocus.com/bid/108892 |
Samba CVE-2019-12436 Remote Denial of Service Vulnerability | 2019-06-24 | securityfocus.com/bid/108823 |