Global Cyber Threats 

Last year's Threats

Last month's Threats

35 | Phishing | 217
0 | Malware | 1
3 | Spam | 7
32 | Botnet | 1
26 | Scanner | 29

Canada phishing attacks in the last 30 days

Company | Phishing sites | %
Desjardins Financial | 421 | 27.5%
CIBC | 399 | 26.1%
TD Bank | 175 | 11.4%
American Express | 119 | 7.8%
Telus | 119 | 7.8%
ATB Financial | 114 | 7.4%
RBC Royal Bank | 62 | 4.0%
Scotiabank | 55 | 3.6%
HSBC Bank | 32 | 2.1%
Bank of Montreal | 24 | 1.6%
Tangerine Bank | 5 | 0.3%
TMX | 2 | 0.1%
Bell | 2 | 0.1%
Shaw Communications | 2 | 0.1%
EQ Bank | 0 | 0%
National Bank of Canada | 0 | 0%
Laurentian Bank | 0 | 0%
Vancity | 0 | 0%
Servus Credit Union | 0 | 0%
Manulife Financial | 0 | 0%
Sun Life Financial | 0 | 0%
iA Financial | 0 | 0%
IFDS | 0 | 0%
Rogers | 0 | 0%
Fido | 0 | 0%

Highly Discussed Vulnerabilities in the past 90 days.

Published | Title | CVE
2019-12-04 | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c). | CVE-2019-19521
2019-12-04 | In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. | CVE-2019-19519
2019-12-04 | xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | CVE-2019-19520
2019-12-04 | OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | CVE-2019-19522
2019-12-03 | An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures … | CVE-2019-5096
2019-11-26 | CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable | CVE-2019-11932
2019-11-18 | The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any … | CVE-2019-12409
2019-11-15 | Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software … | CVE-2019-12757
2019-11-14 | A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS … | CVE-2019-11931
2019-11-13 | STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL. | CVE-2019-16863
2019-11-13 | In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139806216 | CVE-2019-2205
2019-11-13 | A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission. | CVE-2019-3648
2019-11-12 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. | CVE-2019-1429
2019-11-12 | An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | CVE-2019-1388
2019-11-12 | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | CVE-2019-1405
2019-11-07 | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | CVE-2019-3465
2019-10-28 | Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound … | CVE-2019-18187
2019-10-28 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | CVE-2019-11043
2019-10-28 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | CVE-2019-16662
2019-10-21 | ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | CVE-2019-18217
2019-10-18 | CVE 2019-2215 Android Binder Use After Free | CVE-2019-2215
2019-10-17 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo … | CVE-2019-14287
2019-10-17 | Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC … | CVE-2019-11253
2019-10-16 | ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a … | CVE-2019-17662
2019-10-16 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover … | CVE-2019-2890
2019-10-14 | A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | CVE-2019-16279
2019-10-14 | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | CVE-2019-16278
2019-10-11 | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095 | CVE-2019-2215
2019-10-10 | An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | CVE-2019-1356
2019-10-09 | A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on … | CVE-2019-9535
2019-10-03 | A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. | CVE-2019-11932
2019-09-27 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | CVE-2019-16928
2019-09-24 | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | CVE-2019-16759
2019-09-23 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | CVE-2019-1367
2019-09-23 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | CVE-2019-1255
2019-09-19 | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with … | CVE-2019-14994
2019-09-13 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | CVE-2019-12922
2019-09-13 | phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery | CVE-2019-12922
2019-09-12 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | CVE-2019-10392
2019-09-11 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | CVE-2019-1253
2019-09-11 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | CVE-2019-1208
