Trends
- The top attacker country was China with 970 unique attackers (25.32%)
- The top Exploit event was Cross Site Scripting with 61% of occurrences
Top Attacker by Country
Country | Occurrences | Percentage |
---|---|---|
United States | 1363 | 26.40% |
China | 886 | 17.16% |
United Kingdom | 366 | 7.09% |
India | 328 | 6.35% |
Russian Federation | 241 | 4.67% |
Brazil | 236 | 4.57% |
France | 234 | 4.53% |
Republic of Korea | 175 | 3.39% |
Canada | 173 | 3.35% |
Australia | 173 | 3.35% |
Netherlands | 164 | 3.18% |
Germany | 136 | 2.63% |
Taiwan | 120 | 2.32% |
Greece | 114 | 2.21% |
Singapore | 101 | 1.96% |
Vietnam | 93 | 1.80% |
Argentina | 89 | 1.72% |
Venezuela | 87 | 1.69% |
Mexico | 83 | 1.61% |
Threat Geo-location
Top Attacking Hosts
Host | Occurrences |
---|---|
58.242.83.39 | 58 |
89.248.167.131 | 24 |
66.240.205.34 | 12 |
Top Network Attackers
Origin AS | Announcement | Description |
---|---|---|
AS4837 | 58.242.0.0/15 | China Unicom AnHui province network |
AS202425 | 89.248.167.0/24 | IP Volume Inc. |
AS10439 | 66.240.192.0/18 | CariNet, Inc |
Top Event NIDS and Exploits
Top Alarms
Type of Alarm | Occurrences |
---|---|
Trojan Infection - IDS Event | 456 |
Automated Actionable Intelligence IOC's | 131 |
Bruteforce Authentication - SSH | 50 |
Network Discovery - IDS Event | 27 |
Comparison from last week
Type of Alarm | Occurrences |
---|---|
Database Attack - Stored Procedure Access - Attack | 487 |
Trojan Infection - IDS Event | 404 |
Web Server Attack - Attack | 218 |
OTX Indicators of Compromise - PULSE | 183 |
Network Discovery - IDS Event | 17 |
Attack Tool detected - Attack | 15 |
Bruteforce Authentication - SSH | 13 |
WebServer Attack - XSS | 1 |
CVE
This is a list of recent vulnerabilities for which exploits are available.
ID | Title | CVSS v2 Base Score |
---|---|---|
CVE-2018-11776 | Apache Struts 2 Namespace Remote Code Execution Vulnerability (S2-057) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
CVE-2018-2628 | Oracle Weblogic Deserialization Remote Code Execution Vulnerability | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability | 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) |
CVE-2018-7600 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2018-002) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
CVE-2018-0886 | Microsoft Credential Security Support Provider Remote Code Execution Vulnerability | 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) |
CVE-2018-4878 | Adobe Flash Player Remote Code Execution Vulnerability (APSA18-01) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
CVE-2017-12636 | Apache CouchDB Remote Code Execution Vulnerability | 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) |
CVE-2017-10271 | Oracle WebLogic WLS Security Component Remote Code Execution | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) |
Vulnerabilities
Vulnerability | Date |
---|---|
VMware Workstation CVE-2019-5525 Local Code Execution Vulnerability | 2019-06-06 |
VMware Tools CVE-2019-5522 Local Information Disclosure Vulnerability | 2019-06-06 |
Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability | 2019-06-05 |
Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability | 2019-06-05 |
Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities | 2019-06-05 |
Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability | 2019-06-05 |
Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability | 2019-06-05 |
Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability | 2019-06-05 |
Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability | 2019-06-05 |
Microsoft Exchange Server Remote Privilege Escalation Vulnerability | 2019-06-05 |
Django CVE-2019-12308 Cross Site Scripting Vulnerability | 2019-06-05 |
Cisco Unified Computing System Central Software CVE-2019-1880 Security Bypass Vulnerability | 2019-06-05 |
Cisco Industrial Network Director CVE-2019-1881 Cross Site Request Forgery Vulnerability | 2019-06-05 |
Multiple Cisco Products CVE-2019-1872 Server Side Request Forgery Security Bypass Vulnerability | 2019-06-05 |
Zoho ManageEngine NetFlow Analyzer CVE-2019-12196 SQL Injection Vulnerability | 2019-06-05 |
Cisco Enterprise Chat and Email CVE-2019-1870 Cross Site Scripting Vulnerability | 2019-06-05 |