Global Cyber Threats 

Last year's Threats

Last month's Threats

51
Phishing
320
914, 885, 2018, 1520, 1520, 1700, 1710, 1623, 730, 1818, 1701, 1343, 1419, 1358, 1136, 969, 1081, 1277, 1233, 1506, 1382, 1669, 1131, 1766, 1516, 1629, 1351, 1663, 1137, 320
0
Malware
0
0, 0, 48, 17, 12, 16, 22, 0, 1, 10, 49, 10, 33, 16, 0, 0, 63, 26, 83, 31, 22, 0, 42, 25, 22, 15, 0, 13, 17, 0
0
Spam
4
19, 19, 20, 20, 19, 20, 19, 22, 13, 7, 34, 10, 14, 14, 15, 16, 14, 9, 22, 12, 24, 24, 9, 23, 17, 18, 21, 10, 16, 4
38
Botnet
139
10, 1206, 1, 1367, 1264, 0, 5058, 1252, 1678, 442, 360, 311, 319, 1265, 0, 643, 725, 8647, 10, 794, 0, 1200, 174, 238, 383, 5, 1726, 1195, 299, 139
8
Scanner
44
222, 238, 192, 210, 180, 218, 201, 201, 201, 200, 215, 230, 203, 210, 259, 237, 243, 244, 270, 240, 208, 219, 227, 201, 201, 198, 208, 199, 218, 44

Canada phishing attacks in the last 30 days

Company | Phishing sites | %
Covid-19 / Financial | 186 | 20.2%
CIBC | 62 | 6.7%
Scotiabank | 61 | 6.6%
Covid-19 / Healthcare | 60 | 6.5%
Desjardins Financial | 59 | 6.4%
RBC Royal Bank | 58 | 6.3%
Covid-19 / Transport | 56 | 6.1%
Walmart | 55 | 6.0%
HSBC Bank | 50 | 5.4%
American Express | 41 | 4.5%
TD Bank | 39 | 4.2%
Costco | 38 | 4.1%
Bank of Montreal | 32 | 3.5%
Metro | 28 | 3.0%
ATB Financial | 18 | 2.0%
Telus | 17 | 1.8%
Tangerine Bank | 14 | 1.5%
Whole Foods | 13 | 1.4%
Air Canada | 9 | 1.0%
Bell | 8 | 0.9%
National Bank of Canada | 7 | 0.8%
Shaw Communications | 5 | 0.5%
Shoppers Drug Mart | 2 | 0.2%
Manulife Financial | 1 | 0.1%
TMX | 1 | 0.1%
EQ Bank | 0 | 0%
Laurentian Bank | 0 | 0%
Vancity | 0 | 0%
Servus Credit Union | 0 | 0%
Sun Life Financial | 0 | 0%
iA Financial | 0 | 0%
IFDS | 0 | 0%
Rogers | 0 | 0%
Fido | 0 | 0%
Loblaws | 0 | 0%
Sobeys | 0 | 0%
Jean Coutu | 0 | 0%
Rexall | 0 | 0%
Uniprix | 0 | 0%
Pharmasave | 0 | 0%
Via Rail | 0 | 0%
Westjet | 0 | 0%
Airtransat | 0 | 0%

Highly Discussed Vulnerabilities in the past 90 days.

Published Buzz Title CVE
2020-07-10
0, 100, 100

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CVE-2020-8196
2020-07-10
0, 100, 100

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.

CVE-2020-8193
2020-07-10
0, 100, 100

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.

CVE-2020-8195
2020-07-08
0, 100, 95, 18, 3

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if GlobalProtect portal feature is not enabled. This …

CVE-2020-2034
2020-07-02
0, 100, 70, 14, 6, 83, 28, 10, 5, 0, 0

Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.

CVE-2020-9498
2020-07-02
0, 100, 72, 15, 8, 86, 34, 7, 7, 1, 0

Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.

CVE-2020-9497
2020-07-01
0, 11, 9, 100, 100, 100, 100, 100, 100, 100, 100

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVE-2020-5902
2020-06-29
0, 100, 100, 100, 74, 100, 25, 15, 16, 20, 11

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. …

CVE-2020-2021
2020-06-17
0, 16, 61, 10, 0, 0, 3, 0, 3, 2, 2

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, …

CVE-2020-8619
2020-06-17
0, 23, 62, 7, 0, 0, 2, 0, 1, 2, 2

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

CVE-2020-8618
2020-06-09
0, 1, 36, 1, 31, 100, 30, 38, 2, 0, 1

A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised …

CVE-2020-1300
2020-06-09
0, 12, 100, 20, 8, 5, 0, 0, 3, 6, 2

An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'.

CVE-2020-1317
2020-06-09
0, 100, 100, 100, 22, 19, 2, 5, 3, 3, 0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.

CVE-2020-1301
2020-06-09
0, 1, 100, 30, 3, 0, 0, 1, 14, 20, 1

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.

CVE-2020-1281
2020-06-09
0, 100, 100, 100, 51, 17, 10, 17, 8, 6, 1

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.

CVE-2020-1206
2020-06-09
0, 17, 100, 40, 14, 16, 24, 5, 8, 2

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

CVE-2020-1299
2020-06-09
0, 1, 2, 0, 3, 0, 0, 0, 0, 75, 63

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

CVE-2020-1181
2020-06-08
0, 44, 100, 33, 32, 7, 4, 2, 8, 17, 7

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVE-2020-12695
2020-06-05
0, 8, 0, 0, 1, 99, 35, 8, 0, 0, 0

A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.

CVE-2020-8103
2020-06-04
0, 11, 1, 1, 3, 100, 100, 57, 34, 17, 70

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always …

CVE-2020-13777
2020-06-03
0, 2, 34, 100, 37, 47, 2, 11, 2, 5, 5, 6

[CVE-2020-9484] Apache Tomcat RCE via PersistentManager

CVE-2020-9484
2020-06-03
0, 100, 92, 27, 8, 4, 12, 4, 1, 8, 0, 4

APPLE-SA-2020-06-01-4 watchOS 6.2.6

CVE-2020-9859
2020-06-03
0, 100, 92, 27, 8, 4, 12, 4, 1, 8, 0, 4

APPLE-SA-2020-06-01-3 tvOS 13.4.6

CVE-2020-9859
2020-06-03
0, 100, 92, 27, 8, 4, 12, 4, 1, 8, 0, 4

APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1

CVE-2020-9859
2020-05-28
0, 19, 23, 4, 100, 19, 7, 2, 2, 0, 0

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

CVE-2020-13693
2020-05-22
0, 23, 74, 22, 18, 20, 4, 2, 1, 2, 1

Remote Code Execution in qmail (CVE-2005-1513)

CVE-2020-3812
CVE-2020-3811
CVE-2005-1513
2020-05-21
0, 2, 67, 20, 1, 1, 4, 1, 1, 0, 0, 0

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'.

CVE-2020-1195
2020-05-20
0, 20, 83, 90, 42, 6, 9, 9, 2, 1, 1

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and …

CVE-2020-9484
2020-05-20
0, 77, 33, 3, 3, 1, 0, 2, 0, 0, 0

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.

CVE-2020-5753
2020-05-19
0, 74, 100, 78, 30, 4, 2, 5, 0, 2, 10

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at …

CVE-2020-8616
2020-05-19
0, 76, 25, 22, 18, 1, 3, 0, 0, 1, 2

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

CVE-2020-12662
2020-05-19
0, 74, 23, 12, 2, 0, 4, 2, 0, 1, 1

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

CVE-2020-12663
2020-05-19
0, 68, 100, 100, 58, 15, 12, 10, 4, 5, 14

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not …

CVE-2020-8617
2020-05-15
0, 64, 3, 7, 2, 9, 0, 0, 0, 1, 0

Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow.

CVE-2020-13109
2020-05-12
0, 9, 100, 35, 13, 2, 3, 7, 40, 9, 0, 0

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

CVE-2020-11932
2020-05-11
0, 4, 5, 100, 62, 14, 1, 0, 0, 0, 1

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.

CVE-2020-5837
2020-05-07
0, 9, 15, 5, 100, 58, 32, 29, 17, 17, 4

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

CVE-2020-12720
2020-04-30
0, 29, 37, 8, 71, 100, 47, 56, 26, 12, 8

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

CVE-2020-11652
2020-04-30
0, 45, 100, 46, 100, 100, 100, 88, 43, 14, 14

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run …

CVE-2020-11651
2020-04-28
0, 80, 19, 2, 1, 0, 1, 0, 6, 0, 0

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file …

CVE-2020-12078
2020-04-21
0, 63, 10, 2, 0, 0, 0, 0, 0, 0, 1

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker …

CVE-2020-11008
2020-04-21
0, 100, 100, 58, 26, 8, 1, 2, 0, 1, 9

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. …

CVE-2020-1967
2020-04-15
0, 100, 67, 5, 2, 2, 0, 0, 3, 4, 0

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote …

CVE-2020-1020
2020-04-15
0, 100, 68, 5, 4, 2, 0, 0, 3, 4, 0

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote …

CVE-2020-0938
2020-04-15
0, 60, 4, 6, 0, 0, 0, 0, 0, 0, 0

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.

CVE-2020-0760
2020-04-15
0, 81, 7, 1, 2, 1, 2, 0, 0, 0, 0

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003.

CVE-2020-1027
2020-04-15
0, 100, 23, 7, 0, 0, 1, 1, 0, 1, 0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks …

CVE-2020-2914
2020-04-15
0, 100, 24, 8, 0, 0, 1, 1, 0, 1, 0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM …

CVE-2020-2958
2020-04-15
0, 100, 23, 7, 0, 0, 1, 1, 0, 1, 0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks …

CVE-2020-2913
2020-04-15
0, 100, 24, 8, 0, 0, 1, 1, 0, 1, 0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM …

CVE-2020-2907
