threat-intelligence-report

Trends


  • The top attacker country was the United States with 1105 unique attackers (27.72%)
  • The top Exploit event was Miscellaneous with 70% of occurrences



Top Attacker by Country


Country | Occurrences | Percentage
United States | 1105 | 27.72%
China | 950 | 23.83%
Brazil | 202 | 5.07%
France | 189 | 4.74%
Russian Federation | 172 | 4.31%
Republic of Korea | 156 | 3.91%
India | 153 | 3.84%
Germany | 124 | 3.11%
United Kingdom | 121 | 3.03%
Canada | 112 | 2.81%
Vietnam | 107 | 2.68%
Netherlands | 97 | 2.43%
Australia | 96 | 2.41%
Taiwan | 93 | 2.33%
Singapore | 82 | 2.06%
Italy | 63 | 1.58%
Indonesia | 62 | 1.56%
Greece | 60 | 1.50%
Spain | 43 | 1.08%


Top Cyber Attackers by Country April 29 - May 5 2019



Threat Geo-location


Cyber Security Threat Geolocations April 29 - May 5 2019



Top Attacking Hosts


Host/IP Address
51.68.11.231
213.251.182.110
50.62.176.21
174.136.12.168
178.62.119.137
46.4.50.7
85.13.131.13




Top Network Attackers


Country | Origin AS | Announcement | Description
US | AS16276 | 51.68.0.0/16 | OVH SAS
US | AS62729 | 174.136.12.0/22 | A Small Orange LLC
US | AS14061 | 178.62.64.0/18 | DigitalOcean London
Germany | AS24940 | 46.4.0.0/16 | Hetzner Online GmbH
Germany | AS34788 | 85.13.131.0/24 | Neue Medien Muennich GmbH




Top Event NIDS and Exploits


Top Event NIDS and Exploits April 29 - May 5 2019



Top Alarms


Type of Alarm | Occurrences
Attack Tool Detected - Attack | 246
Store Procedure Access - Attack | 246
WebServer Attack - Attack | 184
OTX Indicators of Compromise - PULSE | 158
Bruteforce Authentication - SSH | 11
Network Discovery - IDS Event | 5

                 
Comparison from last week

Type of Alarm | Occurrences
OTX Indicators of Compromise - PULSE | 210
Attack Tool Detected - Attack | 44
Bruteforce Authentication - SSH | 35
WebServer Attack - Attack | 34
Trojan Infection - IDS Event | 21
Database Attack - Stored Procedure Access - Attack | 9
Network Discovery - IDS Event | 7


 



CVE


This is a list of recent vulnerabilities for which exploits are available.

ID: CVE-2019-3844 
Title: systemd Local Privilege Escalation Vulnerability
Vendor: systemd

ID: CVE-2019-6467
Title: ISC BIND Remote Denial of Service Vulnerability
Vendor: ISC

ID: CVE-2018-2004
Title: IBM Jazz Reporting Service Cross Site Scripting Vulnerability
Vendor: IBM

ID: CVE-2019-11035
Title: PHP Multiple Heap Buffer Overflow Vulnerabilities
Vendor: PHP

ID: CVE-2019-11244
Title: Kubernetes Local Unauthorized Access Vulnerability
Vendor: Kubernetes

ID: CVE-2019-9208
Title: Wireshark Multiple Denial of Service Vulnerabilities
Vendor: Wireshark



Vulnerabilities


Oracle E-Business Suite cpuapr2019 Multiple Security Vulnerabilities
securityfocus.com/bid/107938

Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability
securityfocus.com/bid/108074

Microsoft Visual Studio 'asm' Remote Memory Corruption Vulnerability
securityfocus.com/bid/108122

Multiple GE Communicator components ICSA-19-122-02 Multiple Security Vulnerabilities
securityfocus.com/bid/108143

Linux Kernel CVE-2019-11683 Remote Denial of Service Vulnerability
securityfocus.com/bid/108142

Eclipse OpenJ9 CVE-2019-10245 Denial of Service Vulnerability
securityfocus.com/bid/108094

Cisco Nexus 9000 Series Fabric Switches CVE-2019-1592 Local Privilege Escalation Vulnerability
securityfocus.com/bid/108146

Cisco Prime Network Registrar CVE-2019-1852 Cross Site Scripting Vulnerability
securityfocus.com/bid/108145

Cisco Adaptive Security Appliance Software CVE-2019-1706 Denial of Service Vulnerability
securityfocus.com/bid/108144

Cisco Nexus 9000 Series Fabric Switches CVE-2019-1587 Information Disclosure Vulnerability
securityfocus.com/bid/108141

Cisco Small Business Switches CVE-2019-1859 Authentication Bypass Vulnerability
securityfocus.com/bid/108140

Cisco Small Business RV320 and RV325 Routers CVE-2019-1724 Session Hijacking Vulnerability
securityfocus.com/bid/108139

Multiple Cisco Products CVE-2019-1635 Denial Of Service Vulnerability
securityfocus.com/bid/108138

Multiple Cisco Products CVE-2018-15388 Denial of Service Vulnerability
securityfocus.com/bid/108137

Cisco Nexus 9000 Series Fabric Switches CVE-2019-1803 Local Privilege Escalation Vulnerability
securityfocus.com/bid/108136

Cisco Firepower Threat Defense Software CVE-2019-1699 Local Command Injection Vulnerability
securityfocus.com/bid/108135

Cisco Umbrella CVE-2019-1807 Session Hijacking Vulnerability
securityfocus.com/bid/108134

Cisco Nexus 9000 Series Fabric Switches CVE-2019-1590 Authentication Bypass Vulnerability
securityfocus.com/bid/108133

Cisco Adaptive Security Appliance Software CVE-2019-1713 Cross Site Request Forgery Vulnerability
securityfocus.com/bid/108132

Cisco Web Security Appliance CVE-2019-1816 Local Command Injection Vulnerability
securityfocus.com/bid/108131

Cisco Web Security Appliance CVE-2019-1817 Remote Denial of Service Vulnerability
securityfocus.com/bid/108130

Cisco Application Policy Infrastructure Controller Local Privilege Escalation Vulnerability
securityfocus.com/bid/108129

Top Cyber Security Alarms April 29 - May 5 2019