threat-intelligence-report

Trends


  • The top attacker country was the United States with 1151 unique attackers (25.49%)
  • The top Exploit event was SQL injection with 80% of occurrences



Top Attacker by Country


Country               Occurrences   Percentage
United States         1151          25.49%
China                 1041          23.06%
Brazil                275           6.09%
United Kingdom        268           5.94%
France                227           5.03%
Republic of Korea     199           4.41%
Russian Federation    194           4.30%
India                 175           3.88%
Vietnam               124           2.75%
Netherlands           120           2.66%
Taiwan                117           2.59%
Germany               115           2.55%
Canada                112           2.48%
Australia             83            1.84%
Italy                 67            1.48%
Indonesia             65            1.44%
Greece                63            1.40%
Singapore             60            1.33%
Hong Kong             59            1.31%


Top Cyber Attackers by Country  May 6-12 2019



Threat Geo-location


Cyber Security Threat Geolocations  May 6-12 2019

Top Attacking Hosts


HostOccurrences
134.209.74.11960
58.242.83.3924
77.154.194.14818
79.62.150.4515




Top Network Attackers


Origin AS   Announcement       Description
AS14061     134.209.64.0/20    Digital Ocean
AS4837      58.242.0.0/15      China Unicom AnHui province network
AS15557     77.144.0.0/12      SFR SA
AS3269      79.62.0.0/16       Telecom Italia S.p.A




Top Event NIDS and Exploits


Top Event NIDS and Exploits May 6-12 2019

Top Alarms


Type of Alarm                                          Occurrences
OTX Indicators of Compromise - PULSE                   119
Database Attack - Stored Procedure Access - Attack     89
WebServer Attack - Attack                              45
Bruteforce Authentication - SSH                        28
Trojan Injection - IDS Event                           4


Comparison from last week

Type of Alarm                            Occurrences
Attack Tool Detected - Attack            246
Store Procedure Access - Attack          246
WebServer Attack - Attack                184
OTX Indicators of Compromise - PULSE     158
Bruteforce Authentication - SSH          11
Network Discovery - IDS Event            5




CVE


This is a list of recent vulnerabilities for which exploits are available.

ID:        CVE-2019-0703
Title:    Windows SMB Information Disclosure Vulnerability
Vendor: Windows


ID:        CVE-2019-2725
Title:    Oracle WebLogic Server Remote Code Execution Vulnerability
Vendor: Oracle


ID:        CVE-2019-3400
Title:    Atlassian JIRA Cross Site Scripting Vulnerability
Vendor: Atlassian

ID:        CVE-2019-1708
Title:    Multiple Cisco Products CVE-2019-1708 Denial of Service Vulnerability
Vendor: Cisco 

ID:        CVE-2019-1701
Title:    Multiple Cisco Products Multiple Cross Site Scripting Vulnerabilities
Vendor: Cisco



Vulnerabilities


Multiple VMware Products CVE-2019-5518 Out of Bounds Read Write Local Code Execution Vulnerability
2019-05-10
securityfocus.com/bid/107541

Alpine Linux Docker Image CVE-2019-5021 Hard Coded Credentials Authentication Bypass Vulnerability
2019-05-08
securityfocus.com/bid/108288

Kaspersky Antivirus Engine CVE-2019-8285 Heap Buffer Overflow Vulnerability
2019-05-08
securityfocus.com/bid/108284

Linux Kernel CVE-2019-11815 Race Condition Vulnerability
2019-05-08
securityfocus.com/bid/108283

Multiple F5 BIG-IP Products CVE-2019-6619 Denial of Service Vulnerability
2019-05-08
securityfocus.com/bid/108190

Symantec AV Engine CVE-2019-9698 Arbitrary File Deletion Vulnerability
2019-05-08
securityfocus.com/bid/108128

Cisco Firepower Threat Defense Software CVE-2019-1703 Denial of Service Vulnerability
2019-05-07
securityfocus.com/bid/108170

Jenkins Multiple Security Vulnerabilities
2019-05-07
securityfocus.com/bid/108159

Linux Kernel CVE-2019-11810 Denial of Service Vulnerability
2019-05-07
securityfocus.com/bid/108286

Linux Kernel CVE-2018-20836 Race Condition Vulnerability
2019-05-07
securityfocus.com/bid/108196

Cisco Elastic Services Controller CVE-2019-1867 Authentication Bypass Vulnerability
2019-05-07
securityfocus.com/bid/108184

NVIDIA Tegra TLK Widevine Trust CVE-2018-6243 Privilege Escalation Vulnerability
2019-05-06
securityfocus.com/bid/108287

Facebook Thrift CVE-2019-3565 Remote Denial of Service Vulnerability
2019-05-06
securityfocus.com/bid/108280

Facebook Thrift CVE-2019-3552 Remote Denial of Service Vulnerability
2019-05-06
securityfocus.com/bid/108279

Google Android Broadcom Components CVE-2018-19860 Remote Code Execution Vulnerability
2019-05-06
securityfocus.com/bid/108277

Facebook Thrift CVE-2019-3558 Remote Denial of Service Vulnerability
2019-05-06
securityfocus.com/bid/108274

Top Attacker Hosts May 6-12 2019