The Red Piranha Team


Red Piranha is a diversified group of IT professionals dedicated to providing our clients with leading security solutions. We are the developers of Australia's first Unified Threat Management, Crystal Eye, and of Australia's first next-generation firewall.



Trends


  • China tops the list with 1397 unique attackers (23.84%)
  • Bruteforce Authentication was the top alarm of the week with 239 occurrences


Top Attacker by Country


| Country | No. of Attackers | Percentage |
|---|---|---|
| China | 1397 | 23.84% |
| United States | 1137 | 19.40% |
| France | 449 | 7.66% |
| Brazil | 400 | 6.83% |
| Russian Federation | 340 | 5.80% |
| Germany | 248 | 4.23% |
| India | 240 | 4.10% |
| United Kingdom | 201 | 3.43% |
| Republic of Korea | 182 | 3.11% |
| Netherlands | 177 | 3.02% |
| Canada | 153 | 2.61% |
| Vietnam | 137 | 2.34% |
| Taiwan | 130 | 2.22% |
| Italy | 127 | 2.17% |
| Indonesia | 123 | 2.10% |
| Ukraine | 106 | 1.81% |
| Singapore | 91 | 1.55% |
| Poland | 78 | 1.33% |
| Australia | 75 | 1.28% |
| Argentina | 69 | 1.18% |



Threat Geo-location


[Figure: threat geo-location]


Top Attacking Hosts


| Host | Occurrences |
|---|---|
| 16.31.116.11 | 288 |
| 116.31.116.17 | 86 |
| 71.6.135.131 | 12 |
| 93.174.95.106 | 10 |



Top Alarms


| Alarm | No. of Occurrences |
|---|---|
| Bruteforce Authentication - SSH | 239 |
| OTX Indicators of Compromise - PULSE | 107 |
| Attack Tool Detected - Attack | 8 |
| WebServer Attack - Attack | 3 |

Comparison from Previous Report

| Alarm | No. of Occurrences |
|---|---|
| Bruteforce Authentication - SSH | 201 |
| OTX Indicators of Compromise - PULSE | 88 |
| Database Attack - Stored Procedure - Attack | 14 |
| Attack Tool Detected - Attack | 12 |
| WebServer Attack - Attack | 5 |
| Bruteforce Authentication - Windows Login | 2 |



Exploit Event Types and Top Event NIDS


[Figure: exploit event types and top NIDS events]


Red Piranha - Open Threat Exchange


| Pulses Subscribed | Indicators | Last Updated | Number of Alarms | Number of Events |
|---|---|---|---|---|
| 6,095 | 892,167 | 2018-12-02 23:05:26 | 6,598 | 7,827 |



Events from the most active OTX


[Two figures: events from the most active OTX]


CVE


CVE-2018-19787


An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.


https://nvd.nist.gov/vuln/detail/CVE-2018-19787
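The class of bug described in this CVE, shown as an added example (not lxml's code and not part of the original report): a literal prefix match misses the escaped form quoted above, while normalizing the value before an allowlist check rejects it. The function names, the allowed-scheme set and the sample URLs are assumptions constructed for this illustration.

```python
import re
from html import unescape

# Allowlist for this example (an assumption, not lxml's own list).
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Whitespace and ASCII control characters that a lenient URL parser may skip.
_IGNORED = re.compile(r"[\s\x00-\x1f\x7f]+")
_SCHEME = re.compile(r"[a-z][a-z0-9+.\-]*")


def naive_is_script_url(url: str) -> bool:
    """'Before' check: literal prefix match, which escaping defeats."""
    return url.strip().lower().startswith("javascript:")


def normalized_scheme(url: str) -> str:
    """Return the scheme after entity decoding and removal of ignorable
    characters, or "" when the value is a relative reference."""
    collapsed = _IGNORED.sub("", unescape(url)).lower()
    scheme, colon, _ = collapsed.partition(":")
    return scheme if colon and _SCHEME.fullmatch(scheme) else ""


def is_allowed_url(url: str) -> bool:
    """'After' check: allow relative references and allowlisted schemes only."""
    scheme = normalized_scheme(url)
    return scheme == "" or scheme in ALLOWED_SCHEMES


# Constructed sample attribute values; the spaced-out form is the one the
# CVE description quotes, the others are variations of the same escaping idea.
SAMPLES = [
    "https://example.com/a?b=1",
    "/docs/page.html#x:y",
    "javascript:void(0)",
    "j a v a s c r i p t:void(0)",
    "java\tscript:void(0)",
    "&#106;avascript:void(0)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:34} naive_flags={naive_is_script_url(value)!s:5} "
              f"allowed={is_allowed_url(value)}")
```

The allowlist decides on the normalized scheme only; the original attribute value is either kept unchanged or dropped, never rewritten.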


Vulnerabilities


Vuln: QEMU CVE-2018-19665 Integer Overflow Vulnerability
https://www.securityfocus.com/bid/106050

Vuln: Joomla Event Booking Extension ‘com_eventbooking’ Arbitrary File Download
https://www.securityfocus.com/bid/106042

​​​​​​​
 

Monday, December 3, 2018 By rayah.medina