Red Piranha Threat Intelligence Report - September 18 - 24 2018

TRENDS



  • The United States is on top of the list with 1400 unique attackers.
  • The exploit events were SQL Injection, Cross Site Scripting Miscellaneous, Command Execution, Denial of Service and Attack Response.
  • The Top Alarm was Bruteforce Attack SSH with 187 occurrences.



TOP ATTACKER COUNTRIES


Country | No. of Attackers | Percentage
United States | 1400 | 26.0%
China | 1368 | 25.4%
Russian Federation | 347 | 6.4%
Brazil | 304 | 5.6%
France | 243 | 4.5%
India | 206 | 3.8%
Vietnam | 204 | 3.8%
Republic of Korea | 158 | 2.9%
Netherlands | 126 | 2.3%
United Kingdom | 112 | 2.1%
Australia | 108 | 2.0%
Canada | 104 | 1.9%
Italy | 102 | 1.9%
Taiwan | 97 | 1.8%
Germany | 97 | 1.8%
Indonesia | 91 | 1.7%
Ukraine | 85 | 1.6%
Thailand | 83 | 1.5%
Colombia | 81 | 1.5%
Egypt | 75 | 1.4%


Top Cyber Attackers by Country September 18-24 2018



THREAT GEOLOCATION


Cyber Security Threat Geolocations September 18-24 2018



TOP ATTACKING HOSTS


Top Attacker Hosts September 18-24 2018



TOP ALARMS


Alarm | No. of Occurrences
Bruteforce Authentication - SSH | 187
OTX Indicators of Compromise - PULSE | 147
Database Attack - Stored Procedure Access - Attack | 98
WebServer Attack - Attack | 33
Attack Tool detected - Attack | 29


Comparison to Previous Week


Alarm | No. of Occurrences
OTX Indicators of Compromise - PULSE | 110
Database Attack - Stored Procedure Access - Attack | 42
Bruteforce Authentication - SSH | 30
Attack Tool detected - Attack | 24
WebServer Attack - Attack | 8




EXPLOIT EVENT TYPES


Exploit Events September 18-24 2018





OPEN THREAT EXCHANGE


Pulses Subscribed | Indicators | Last Updated | Number of Alarms | Number of Events
5,708 | 870,491 | 2018-09-24 00:24:02 | 5,400 | 11,776




VULNERABILITIES



2018-09-21

Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
securityfocus.com/bid/103539



2018-09-20

Ghostscript Multiple Security Bypass Vulnerabilities
securityfocus.com/bid/105122


Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
securityfocus.com/bid/1048793


Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
securityfocus.com/bid/105376


Foreman CVE-2018-14643 Authentication Bypass Vulnerability
securityfocus.com/bid/105375


2018-09-19

Adobe Flash Player CVE-2018-15967 Unspecified Information Disclosure Vulnerability
securityfocus.com/bid/105315


ISC BIND CVE-2018-5741 Security Bypass Vulnerability
securityfocus.com/bid/105379


Citrix ShareFile StorageZones Control Directory Traversal and Information Disclosure Vulnerabilities
securityfocus.com/bid/105377


Cisco WebEx Network Recording Player Multiple Remote Code Execution Vulnerabilities
securityfocus.com/bid/105374


Adobe Acrobat and Reader CVE-2018-12848 Arbitrary Code Execution Vulnerability
securityfocus.com/bid/105360


Western Digital My Cloud CVE-2018-17153 Authentication Bypass Vulnerability
securityfocus.com/bid/105359


Adobe Acrobat and Reader APSB18-34 Multiple Information Disclosure Vulnerabilities
securityfocus.com/bid/105358


Symantec Messaging Gateway CVE-2018-12243 XML External Entity Injection Vulnerability
securityfocus.com/bid/105330


Symantec Messaging Gateway CVE-2018-12242 Authentication Bypass Vulnerability
securityfocus.com/bid/105329


2018-09-17

Apache SpamAssassin CVE-2018-11780 Remote Code Execution Vulnerability
securityfocus.com/bid/105373
