threat-intelligence-report

Trends


  • The top attacker country was China with 970 unique attackers (25.32%)
  • The top Exploit event was Cross Site Scripting with 61% of occurrences



Top Attacker by Country


Country              Occurrences  Percentage
United States        1363         26.40%
China                886          17.16%
United Kingdom       366          7.09%
India                328          6.35%
Russian Federation   241          4.67%
Brazil               236          4.57%
France               234          4.53%
Republic of Korea    175          3.39%
Canada               173          3.35%
Australia            173          3.35%
Netherlands          164          3.18%
Germany              136          2.63%
Taiwan               120          2.32%
Greece               114          2.21%
Singapore            101          1.96%
Vietnam              93           1.80%
Argentina            89           1.72%
Venezuela            87           1.69%
Mexico               83           1.61%


Top Cyber Attackers by Country June 3-9 2019



Threat Geo-location


Cyber Security Threat Geolocations June 3-9 2019




Top Attacking Hosts


Host    Occurrences
58.242.83.3958
89.248.167.13124
66.240.205.3412




Top Network Attackers


Origin AS   Announcement      Description
AS4837      58.242.0.0/15     China Unicom AnHui province network
AS202425    89.248.167.0/24   IP Volume Inc.
AS10439     66.240.192.0/18   CariNet, Inc




Top Event NIDS and Exploits


Top Event NIDS and Exploits June 3-9 2019

Top Alarms



Type of Alarm                                Occurrences
Trojan Infection - IDS Event                 456
Automated Actionable Intelligence IOC's      131
Bruteforce Authentication - SSH              50
Network Discovery - IDS Event                27

                   
Comparison from last week

Type of Alarm                                             Occurrences
Database Attack - Stored Procedure Access - Attack        487
Trojan Infection - IDS Event                              404
Web Server Attack - Attack                                218
OTX Indicators of Compromise - PULSE                      183
Network Discovery - IDS Event                             17
Attack Tool detected - Attack                             15
Bruteforce Authentication - SSH                           13
WebServer Attack - XSS                                    1




CVE


This is a list of recent vulnerabilities for which exploits are available.


ID: CVE-2018-11776
Title: Apache Struts 2 Namespace Remote Code Execution Vulnerability (S2-057)
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2018-2628
Title: Oracle Weblogic Deserialization Remote Code Execution Vulnerability
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

ID: CVE-2018-8174
Title: Windows VBScript Engine Remote Code Execution Vulnerability
CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

ID: CVE-2018-7600
Title: Drupal Core Remote Code Execution Vulnerability (SA-CORE-2018-002)
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2018-0886 
Title: Microsoft Credential Security Support Provider Remote Code Execution Vulnerability
CVSS v2 Base Score: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

ID: CVE-2018-4878
Title: Adobe Flash Player Remote Code Execution Vulnerability (APSA18-01)
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2017-12636
Title: Apache CouchDB Remote Code Execution Vulnerability
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

ID: CVE-2017-10271 
Title: Oracle WebLogic WLS Security Component Remote Code Execution
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)



Vulnerabilities


VMware Workstation CVE-2019-5525 Local Code Execution Vulnerability
2019-06-06
securityfocus.com/bid/108674

VMware Tools CVE-2019-5522 Local Information Disclosure Vulnerability
2019-06-06
securityfocus.com/bid/108673

Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability
2019-06-05
securityfocus.com/bid/4390

Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
2019-06-05
securityfocus.com/bid/5413

Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
2019-06-05
securityfocus.com/bid/5412

Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
2019-06-05
securityfocus.com/bid/31765

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability
2019-06-05
securityfocus.com/bid/12459

Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
2019-06-05
securityfocus.com/bid/41843

Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability
2019-06-05
securityfocus.com/bid/41462

Microsoft Exchange Server Remote Privilege Escalation Vulnerability
2019-06-05
securityfocus.com/bid/106725

Django CVE-2019-12308 Cross Site Scripting Vulnerability
2019-06-05
securityfocus.com/bid/108559

Cisco Unified Computing System Central Software CVE-2019-1880 Security Bypass Vulnerability
2019-06-05
securityfocus.com/bid/108680

Cisco Industrial Network Director CVE-2019-1881 Cross Site Request Forgery Vulnerability
2019-06-05
securityfocus.com/bid/108678

Multiple Cisco Products CVE-2019-1872 Server Side Request Forgery Security Bypass Vulnerability
2019-06-05
securityfocus.com/bid/108677

Zoho ManageEngine NetFlow Analyzer CVE-2019-12196 SQL Injection Vulnerability
2019-06-05
securityfocus.com/bid/108672

Cisco Enterprise Chat and Email CVE-2019-1870 Cross Site Scripting Vulnerability
2019-06-05
securityfocus.com/bid/108645

Top Attacker Hosts June 3-9 2019