- The top attacker country was China with 1879 unique attackers (28.89%).
- The top Exploit event was Cross Site Scripting with 67% of occurrences.
- The top Trojan C&C server detected was TrickBot with 56 instances detected.
Top Attacker by Country

| Country | Unique attackers | Share |
| --- | --- | --- |
| Republic of Korea | 351 | 5.40% |
Top Attacking Hosts
Top Network Attackers

| ASN | Network | Organisation |
| --- | --- | --- |
| AS4837 | 188.8.131.52/13 | China Unicom Jiangsu province network |
| AS4134 | 184.108.40.206/16 | Chinanet Jiangsu province network |
Top Event NIDS and Exploits

| Type of Alarm | Occurrences |
| --- | --- |
| Attack Tool Detected | 96 |

Comparison from last week

| Type of Alarm | Occurrences |
| --- | --- |
Remote Access Trojan C&C Servers Found

| Malware Type | MD5 | Typical Filename |
| --- | --- | --- |
CVEs For Which Public Exploits Have Been Detected
Title: LibreNMS Collectd Command Injection Vulnerability
Description: A command injection vulnerability exists in html/includes/graphs/device/collectd.inc.php, where user-supplied parameters are filtered with the mysqli_real_escape_string function. This function is not appropriate for sanitizing command arguments: it does not escape a number of shell syntax characters such as the backtick (`), allowing an attacker to inject commands into the variable $rrd_cmd, which is then executed via passthru().
CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
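The defect above is a mismatch between the escaping function and the context the value ends up in. The following PHP script is an added illustration, not LibreNMS's own code: it assumes a hypothetical graph page that builds an rrdtool command from two request parameters, rejects values outside an allow-list, and quotes each argument with escapeshellarg() before anything could reach passthru().

```php
<?php
// Added illustration, not LibreNMS code. Shows how request parameters
// should be handled before being spliced into an rrdtool command line
// that is later handed to passthru().

// mysqli_real_escape_string() escapes only NUL, \n, \r, \, ', " and
// Ctrl-Z (the characters that matter inside an SQL string literal), so
// shell metacharacters such as ` $ ( ) ; | & pass through it untouched.
const SHELL_META = '/[`$();|&<>\s\\\\\'"]/';

// Allow-list check: accept only the characters a host or plugin name needs.
function is_safe_name(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $value) === 1;
}

// Build the command with every user-derived piece quoted as one literal
// shell word. Returns null when a parameter fails validation: reject,
// do not try to "clean" it.
function build_rrd_cmd(string $host, string $plugin): ?string
{
    if (!is_safe_name($host) || !is_safe_name($plugin)) {
        return null;
    }
    // Hypothetical RRD layout; LibreNMS's real paths are not reproduced.
    $rrd = "/var/lib/collectd/rrd/$host/$plugin.rrd";
    return 'rrdtool graph - '
        . escapeshellarg("DEF:v=$rrd:value:AVERAGE") . ' '
        . escapeshellarg("LINE1:v#0000ff:$plugin");
}

// Constructed inputs: a benign host name and one carrying a backtick.
foreach (['web01', 'web01`id`'] as $host) {
    $cmd = build_rrd_cmd($host, 'load');
    printf("%-12s -> %s\n", $host, $cmd ?? 'REJECTED');
    // Shows what an SQL-style escape alone would have let through.
    printf("  raw value contains shell metacharacters: %s\n",
        preg_match(SHELL_META, $host) ? 'yes' : 'no');
}
```

Run with the PHP CLI; the second input is rejected before any command string is built, and even a value that passes validation is wrapped by escapeshellarg() so it cannot break out of its argument.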
Title: Microsoft DirectWrite Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs (such as the Chrome, Firefox and Edge browsers) and constitutes an attack surface for memory corruption bugs, as it performs the processing of untrusted font files and is written in C/C++. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Title: phpMyAdmin Cross Site Request Forgery Vulnerability
Description: A cross-site request forgery issue in phpMyAdmin allows deletion of any server in the Setup page. The attacker can easily create a fake hyperlink containing the request that is to be executed on behalf of the user, making a CSRF attack possible due to the wrong use of the HTTP method.
CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
ID: 2019-16173, 2019-16172
Title: LimeSurvey Cross-Site Scripting Vulnerability
CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Title: Microsoft Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. AppXSvc improperly handles file hard links resulting in a low privileged user being able to take "Full Control" of an arbitrary file leading to elevation of privilege.
CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)