Trends
- China is on top of the list with 835 unique attackers (21.4%)
- Command and execution was the top exploit event of the week with 55% of occurrences

Top Attackers by Country
| Country | No. of Attackers | Percentage |
|---|---|---|
| China | 835 | 21.4% |
| United States | 748 | 19.2% |
| Russian Federation | 323 | 8.3% |
| Brazil | 295 | 7.6% |
| France | 245 | 6.3% |
| India | 150 | 3.8% |
| Republic of Korea | 147 | 3.8% |
| Ukraine | 131 | 3.4% |
| Netherlands | 121 | 3.1% |
| Germany | 111 | 2.8% |
| United Kingdom | 102 | 2.6% |
| Canada | 99 | 2.5% |
| Vietnam | 97 | 2.5% |
| Indonesia | 91 | 2.3% |
| Australia | 85 | 2.2% |
| Taiwan | 79 | 2.0% |
| Italy | 71 | 1.8% |
| Poland | 61 | 1.6% |
| Turkey | 56 | 1.4% |

Top Attacking Hosts
| Host | Occurrences |
|---|---|
| 116.31.116.52 | 132 |
| 89.248.172.207 | 121 |
| 60.191.38.77 | 87 |
| 206.189.201.149 | 53 |
| 94.102.49.123 | 34 |
| 94.102.63.27 | 31 |
| 71.6.202.198 | 27 |
| 118.67.248.122 | 18 |

Top Alarms
| Alarm | No. of Occurrences |
|---|---|
| Database Attack - Stored Process Access - Attack | 2516 |
| Attack Tool Detected - Attack | 1267 |
| WebServer Attack - Attack | 1163 |
| OTX Indicators of Compromise - PULSE | 125 |
| Bruteforce Authentication - SSH | 33 |
| WebServer Attack - XSS | 5 |
| Bruteforce Authentication - Windows Login | 1 |

Comparison from Previous Report
| Alarm | No. of Occurrences |
|---|---|
| OTX Indicators of Compromise - PULSE | 116 |
| Database Attack - Stored Process Access - Attack | 52 |
| Bruteforce Authentication - SSH | 48 |
| Attack Tool Detected - Attack | 25 |

Red Piranha - Open Threat Exchange
| Pulses Subscribed | Indicators | Last Updated | Number of Alarms | Number of Events |
|---|---|---|---|---|
| 5,951 | 882,591 | 2018-11-12 14:00:47 | 6,293 | 9,576 |

Vulnerabilities
Vuln: FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability
securityfocus.com/bid/105058
Vuln: Google Chrome V8 Out of Bounds Memory Access Vulnerability
securityfocus.com/bid/105879
Vuln: Multiple VMware Products CVE-2018-6982 Information Disclosure Vulnerability
securityfocus.com/bid/105882

Common Vulnerabilities and Exposures (CVE)
CVE-2018-19185
An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector.
CVE-2018-19192
An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter.
CVE-2018-19193
An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen.
CVE-2018-19194
An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message.
CVE-2018-19195
An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file.