threat-intelligence-report

Trends


  • The top attacker country was China with 970 unique attackers (25.32%)
  • The top Exploit event was Cross Site Scripting with 61% of occurrences


Top Attacker by Country


Country              Occurrences  Percentage
China                970          25.32%
United States        960          25.06%
France               198          5.17%
Russian Federation   195          5.09%
Brazil               192          5.01%
India                160          4.18%
Republic of Korea    155          4.05%
United Kingdom       139          3.63%
Vietnam              108          2.82%
Germany              102          2.66%
Taiwan               99           2.58%
Canada               96           2.51%
Netherlands          86           2.24%
Australia            83           2.17%
Singapore            69           1.80%
Greece               68           1.77%
Italy                66           1.72%
Indonesia            49           1.28%
Spain                36           0.94%

Top Cyber Attackers by Country May 27 - June 2 2019


Threat Geo-location


Cyber Security Threat Geolocations May 27- June 2 2019

Top Attacking Hosts


Host              Occurrences
183.129.160.229   24
58.242.83.39      24
66.240.205.34     20


Top Network Attackers


Origin AS   Announcement      Description
AS4134      183.128.0.0/1     CHINANET Zhejiang province network
AS4837      58.242.0.0/15     China Unicom AnHui province network
AS10439     66.240.192.0/18   CariNet, Inc


Top Event NIDS and Exploits


Top Event NIDS and Exploits May 27 - June 2 2019


Top Alarms


Type of Alarm                                         Occurrences
Database Attack - Stored Procedure Access - Attack    487
Trojan Infection - IDS Event                          404
Web Server Attack - Attack                            218
OTX Indicators of Compromise - PULSE                  183
Network Discovery - IDS Event                         17
Attack Tool detected - Attack                         15
Bruteforce Authentication - SSH                       13
WebServer Attack - XSS                                1


Comparison from last week
 

Type of Alarm                                         Occurrences
OTX Indicators of Compromise - PULSE                  142
Database Attack - Stored Procedure Access - Attack    40
Bruteforce Authentication - SSH                       9
WebServer Attack - Attack                             8
Attack Tool detected - Attack                         1


CVE


This is a list of recent vulnerabilities for which exploits are available.

Title: Multiple VMware Products Local Code Execution Vulnerability
Vendor: VMware
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2016-10245 
Title: Doxygen Cross Site Scripting Vulnerability
Vendor: Doxygen
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

ID: CVE-2019-5960 
Title: WordPress WP Open Graph Plugin Cross Site Request Forgery Vulnerability
Vendor: WordPress
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

ID: CVE-2019-10320 
Title: Jenkins Credentials Plugin Information Disclosure Vulnerability
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

ID: CVE-2019-3397 
Title: Atlassian Bitbucket Server Directory Traversal Vulnerability
Vendor: Atlassian
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

ID: CVE-2019-12295
Title: Wireshark 'epan/packet.c' Denial of Service Vulnerability
Vendor: Wireshark 
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)


Vulnerabilities


Microsoft Exchange Server CVE-2019-0858 Spoofing Vulnerability

Microsoft Exchange Server CVE-2019-0817 Spoofing Vulnerability

Microsoft Exchange Server CVE-2017-8560 Remote Privilege Escalation Vulnerability

Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability

Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability

Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability

Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
2019-05-31

Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability

Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability

Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability

Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability

Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability

Microsoft Exchange iCal Request Remote Denial of Service Vulnerability

Microsoft Outlook Web Access Remote Script Injection Vulnerability

Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability

Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities

Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability

Microsoft Exchange Server Empty MIME Boundary DoS

Cisco IOS Software CVE-2019-1758 Authentication Bypass Vulnerability

Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability

Huawei Smart Phone P9 and Google Android Broadcom Driver Wi-Fi Driver Buffer Overflow Vulnerability

Multiple VMware Products CVE-2019-5515 Out-Of-Bounds Write Local Code Execution Vulnerability

Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability

Linux Kernel 'marvell/mwifiex/scan.c' Heap Buffer Overflow Vulnerability

Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability

ISC BIND CVE-2019-6469 Remote Denial of Service Vulnerability

Oracle VM VirtualBox Multiple Local Security Vulnerabilities

Samsung KNOX CVE-2019-6744 Lock Screen Local Security Bypass Vulnerability

Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Top Attacker Hosts May 27 - June 2 2019
Date Published: June 03, 2019