threat-intelligence-repor

Trends


  • The top attacker country was the United States with 815 unique attackers (25.19%)
  • The top Exploit event was SQL injection with 80% of occurrences



Top Attacker by Country


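| Country | Occurrences | Percentage |
|---|---|---|
| United States | 815 | 25.19% |
| China | 800 | 24.73% |
| France | 177 | 5.47% |
| Brazil | 172 | 5.32% |
| India | 144 | 4.45% |
| Russian Federation | 143 | 4.42% |
| Republic of Korea | 137 | 4.23% |
| United Kingdom | 108 | 3.34% |
| Netherlands | 104 | 3.21% |
| Germany | 87 | 2.69% |
| Canada | 82 | 2.53% |
| Vietnam | 82 | 2.53% |
| Taiwan | 78 | 2.41% |
| Australia | 60 | 1.85% |
| Greece | 59 | 1.82% |
| Italy | 53 | 1.64% |
| Indonesia | 48 | 1.48% |
| Singapore | 47 | 1.45% |
| Turkey | 39 | 1.21% |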


Top Cyber Attackers by Country May 20-26 2019



Threat Geo-location


Cyber Security Threat Geolocations May 20-26 2019



Top Attacking Hosts


HostOccurrences
58.242.83.3928
50.62.177.23816
185.94.111.114
197.231.221.21113
93.174.93.2310




Top Network Attackers


| Origin AS | Announcement | Description |
|---|---|---|
| AS4837 | 58.242.0.0/15 | China Unicom AnHui province network |
| AS26496 | 50.62.0.0/15 | GoDaddy.com, LLC |
| AS197068 | 185.94.108.0/22 | HLL LLC |
| AS37560 | 197.231.220.0/22 | Cyberdyne S.A. |
| AS202425 | 93.174.93.0/24 | IP Volume Inc. |




Top Event NIDS and Exploits


Top Event NIDS and Exploits May 20-26 2019



Top Alarms



| Type of Alarm | Occurrences |
|---|---|
| OTX Indicators of Compromise - PULSE | 142 |
| Database Attack - Stored Procedure Access - Attack | 40 |
| Bruteforce Authentication - SSH | 9 |
| WebServer Attack - Attack | 8 |
| Attack Tool detected - Attack | 1 |

Comparison from last week

| Type of Alarm | Occurrences |
|---|---|
| Attack Tool detected - Attack | 290 |
| OTX Indicators of Compromise - PULSE | 134 |
| Bruteforce Authentication - SSH | 2 |




CVE


This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-1727 
Title: Cisco NX-OS Software Local Privilege Escalation Vulnerability

ID: CVE-2019-1806 
Title: Cisco Small Business Series Switches Denial of Service Vulnerability
Vendor: Cisco

ID: CVE-2017-14491
Title: Dnsmasq Multiple Security Vulnerabilities
Vendor: Thekelleys

ID: CVE-2015-5504
Title: Drupal Novalnet Payment Module - Ubercart Module SQL Injection Vulnerability
Vendor: Drupal

ID: CVE-2019-11205
Title: Multiple TIBCO Products Multiple Unspecified Cross-Site Scripting Vulnerabilities
Vendor: Tibco

ID: CVE-2019-11328 
Title: Singularity Insecure Permissions Local Privilege Escalation Vulnerability
Vendor: Sylabs 

ID: CVE-2019-10139
Title: cockpit-ovirt Local Information Disclosure Vulnerability
Vendor: oVirt 


ID: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Title: Intel Processor MDS Vulnerabilities
Vendor: Intel


Vulnerabilities


Adobe Flash Player CVE-2019-7837 Use After Free Arbitrary Code Execution Vulnerability
2019-05-24
securityfocus.com/bid/108312

Multiple F-Secure Windows Endpoint Protection Products Local Code Execution Vulnerability
2019-05-24
securityfocus.com/bid/108443

Multiple VMware Products CVE-2019-5519 Local Code Execution Vulnerability
2019-05-24
securityfocus.com/bid/107535

Atlassian Bitbucket Server CVE-2019-3397 Directory Traversal Vulnerability
2019-05-23
securityfocus.com/bid/108447

Siemens SIMATIC Products ICSA-19-134-08 Multiple Security Vulnerabilities
2019-05-22
securityfocus.com/bid/108404

Intel Microarchitectural Data Sampling Multiple Local Information Disclosure Vulnerabilities
2019-05-22
securityfocus.com/bid/108330

Nagios XI '/nagiosxi/login.php' SQL Injection Vulnerability
2019-05-22
securityfocus.com/bid/108446

curl/libcURL CVE-2019-5436 Heap Buffer Overflow Vulnerability
2019-05-22
securityfocus.com/bid/108435

QEMU CVE-2019-12247 Integer Overflow Vulnerability
2019-05-22
securityfocus.com/bid/108434

curl/libcURL CVE-2019-5435 Multiple Integer Overflow Vulnerabilities
2019-05-22
securityfocus.com/bid/108433

QEMU CVE-2019-12155 Local Denial of Service Vulnerability
2019-05-22
securityfocus.com/bid/108429

Apache Camel CVE-2019-0188 XML External Entity Injection Vulnerability
2019-05-22
securityfocus.com/bid/108422

Microsoft Windows 'SetJobFileSecurityByName()' Function Local Privilege Escalation Vulnerability
2019-05-21
securityfocus.com/bid/108423

Mozilla Firefox Multiple Security Vulnerabilities
2019-05-21
securityfocus.com/bid/108421

Top Attacker Hosts May 20-26 2019