threat-intelligence-report

Trends


  • The top attacker country was China with 970 unique attackers (25.32%)
  • The top Exploit event was Cross Site Scripting with 61% of occurrences



Top Attacker by Country


Country | Occurrences | Percentage
China | 970 | 25.32%
United States | 960 | 25.06%
France | 198 | 5.17%
Russian Federation | 195 | 5.09%
Brazil | 192 | 5.01%
India | 160 | 4.18%
Republic of Korea | 155 | 4.05%
United Kingdom | 139 | 3.63%
Vietnam | 108 | 2.82%
Germany | 102 | 2.66%
Taiwan | 99 | 2.58%
Canada | 96 | 2.51%
Netherlands | 86 | 2.24%
Australia | 83 | 2.17%
Singapore | 69 | 1.80%
Greece | 68 | 1.77%
Italy | 66 | 1.72%
Indonesia | 49 | 1.28%
Spain | 36 | 0.94%


Top Cyber Attackers by Country May 27 - June 2 2019



Threat Geo-location


Cyber Security Threat Geolocations May 27 - June 2 2019

Top Attacking Hosts


Host | Occurrences
183.129.160.229 | 24
58.242.83.39 | 24
66.240.205.34 | 20




Top Network Attackers


Origin AS | Announcement | Description
AS4134 | 183.128.0.0/1 | CHINANET Zhejiang province network
AS4837 | 58.242.0.0/15 | China Unicom AnHui province network
AS10439 | 66.240.192.0/18 | CariNet, Inc




Top Event NIDS and Exploits


Top Event NIDS and Exploits May 27 - June 2 2019



Top Alarms



Type of Alarm | Occurrences
Database Attack - Stored Procedure Access - Attack | 487
Trojan Infection - IDS Event | 404
Web Server Attack - Attack | 218
OTX Indicators of Compromise - PULSE | 183
Network Discovery - IDS Event | 17
Attack Tool detected - Attack | 15
Bruteforce Authentication - SSH | 13
WebServer Attack - XSS | 1


Comparison from last week

Type of Alarm | Occurrences
OTX Indicators of Compromise - PULSE | 142
Database Attack - Stored Procedure Access - Attack | 40
Bruteforce Authentication - SSH | 9
WebServer Attack - Attack | 8
Attack Tool detected - Attack | 1




CVE


This is a list of recent vulnerabilities for which exploits are available.

Title: Multiple VMware Products Local Code Execution Vulnerability
Vendor: VMware
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

ID: CVE-2016-10245 
Title: Doxygen Cross Site Scripting Vulnerability
Vendor: Doxygen
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

ID: CVE-2019-5960 
Title: WordPress WP Open Graph Plugin Cross Site Request Forgery Vulnerability
Vendor: WordPress
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

ID: CVE-2019-10320 
Title: Jenkins Credentials Plugin Information Disclosure Vulnerability
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

ID: CVE-2019-3397 
Title: Atlassian Bitbucket Server Directory Traversal Vulnerability
Vendor: Atlassian
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

ID: CVE-2019-12295
Title: Wireshark 'epan/packet.c' Denial of Service Vulnerability
Vendor: Wireshark 
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)


Vulnerabilities


Microsoft Exchange Server CVE-2019-0858 Spoofing Vulnerability
securityfocus.com/bid/107757

Microsoft Exchange Server CVE-2019-0817 Spoofing Vulnerability
securityfocus.com/bid/107756

Microsoft Exchange Server CVE-2017-8560 Remote Privilege Escalation Vulnerability
securityfocus.com/bid/99449

Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
securityfocus.com/bid/41843

Microsoft Exchange Server Outlook Web Access Cross Site Request Forgery Vulnerability
securityfocus.com/bid/41462

Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
securityfocus.com/bid/33136

Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
2019-05-31
securityfocus.com/bid/33134

Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
securityfocus.com/bid/31765

Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
securityfocus.com/bid/30130

Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability
securityfocus.com/bid/30078

Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
securityfocus.com/bid/23810

Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
securityfocus.com/bid/23809

Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
securityfocus.com/bid/23808

Microsoft Outlook Web Access Remote Script Injection Vulnerability
securityfocus.com/bid/23806

Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability
securityfocus.com/bid/13952

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability
securityfocus.com/bid/12459

Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
securityfocus.com/bid/5413

Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
securityfocus.com/bid/5412

Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability
securityfocus.com/bid/4390

Microsoft Exchange Server Empty MIME Boundary DoS
securityfocus.com/bid/1688

Cisco IOS Software CVE-2019-1758 Authentication Bypass Vulnerability
securityfocus.com/bid/107616

Microsoft Windows Remote Desktop Services CVE-2019-0708 Remote Code Execution Vulnerability
securityfocus.com/bid/108273

Huawei Smart Phone P9 and Google Android Broadcom Driver Wi-Fi Driver Buffer Overflow Vulnerability
securityfocus.com/bid/94943

Multiple VMware Products CVE-2019-5515 Out-Of-Bounds Write Local Code Execution Vulnerability
securityfocus.com/bid/107634

Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Denial of Service Vulnerability
securityfocus.com/bid/108359

Linux Kernel 'marvell/mwifiex/scan.c' Heap Buffer Overflow Vulnerability
securityfocus.com/bid/108521

Apache Hadoop CVE-2018-8029 Remote Privilege Escalation Vulnerability
securityfocus.com/bid/108518

ISC BIND CVE-2019-6469 Remote Denial of Service Vulnerability
securityfocus.com/bid/108517

Oracle VM VirtualBox Multiple Local Security Vulnerabilities
securityfocus.com/bid/107960

Samsung KNOX CVE-2019-6744 Lock Screen Local Security Bypass Vulnerability
securityfocus.com/bid/108505

Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability
securityfocus.com/bid/108507

Top Attacker Hosts May 27 - June 2 2019