693 matches found
QRadar Community Edition 7.3.1.6 Insecure File Permissions Vulnerability
Exploit for php platform in category web applications. Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions. Abstra...
Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)
Summary IBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2019-11135 DESCRIPTION: Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX...
What does it take to become a good reverse engineer?
How much money and effort does it take to become a good reverse engineer? Do you even need to be one? There are no universally acceptable answers to these questions. Software reverse engineering (RE) is not a science but a skillset combined with specific knowledge and backed by a lot of experience...
QRadar Community Edition 7.3.1.6 Authorization Bypass
Authorization bypass in QRadar Forensics web application. Yorick Koster, September 2019...
QRadar Community Edition 7.3.1.6 Insecure File Permissions
Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions. Yorick Koster, September 2019...
QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation
Arbitrary class instantiation & local file inclusion vulnerability in QRadar Forensics web application. Yorick Koster, September 2019...
Security Bulletin: IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-4151)
Summary IBM QRadar SIEM is vulnerable to improper input validation, allowing an authenticated attacker to perform unauthorized actions Vulnerability Details CVEID: CVE-2020-4151 DESCRIPTION: IBM QRadar could allow an authenticated attacker to perform unauthorized actions due to improper input...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities (CVE-2017-3164)
Summary IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities Vulnerability Details CVEID: CVE-2017-3164 DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused by not having corresponding allowlist mechanism in the shards parameter. By using a...
Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4594)
Summary IBM QRadar could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security Vulnerability Details CVEID: CVE-2019-4594 DESCRIPTION: IBM QRadar could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4593)
Summary IBM QRadar SIEM is vulnerable to information exposure Vulnerability Details CVEID: CVE-2019-4593 DESCRIPTION: IBM QRadar generates an error message that includes sensitive information that could be used in further attacks against the system. CVSS Base score: 4.3 CVSS Temporal Score: See:...
Security Bulletin: IBM QRadar SIEM is vulnerable to invalid certificate validation (CVE-2019-4654)
Summary IBM QRadar SIEM does not validate, or incorrectly validates, a certificate. Vulnerability Details CVEID: CVE-2019-4654 DESCRIPTION: IBM QRadar does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle MI...
Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2020-4269)
Summary IBM QRadar SIEM contains hard-coded credentials Vulnerability Details CVEID: CVE-2020-4269 DESCRIPTION: IBM QRadar contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or...
Security Bulletin: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) (CVE-2020-4294)
Summary IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) Vulnerability Details CVEID: CVE-2020-4294 DESCRIPTION: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially...
Security Bulletin: IBM QRadar SIEM is vulnerable to PHP object injection (CVE-2020-4271)
Summary IBM QRadar SIEM is vulnerable to PHP object injection Vulnerability Details CVEID: CVE-2020-4271 DESCRIPTION: IBM QRadar could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. CVSS Base score: 6.3 CVSS Temporal Score: See:...
Security Bulletin: IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects (CVE-2020-4272)
Summary IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects based on user-supplied input. Vulnerability Details CVEID: CVE-2020-4272 DESCRIPTION: IBM QRadar could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted...
Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2020-4268)
Summary IBM QRadar SIEM is vulnerable to cross site scripting Vulnerability Details CVEID: CVE-2020-4268 DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
Sherloq - An Open-Source Digital Image Forensic Toolset
An open source image forensic toolset Introduction "Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...
Check Point Security Gateway Denial of Service (sk161812)
A denial of service (DoS) vulnerability exists in Check Point Security Gateway R80.30 when the Threat Prevention Forensics feature is enabled. An authenticated, local attacker can exploit this issue by implementing a specific configuration of enhanced logging, to cause the system to stop responding...
MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer
A hacking forum this week published details of more than 10.6 million guests who stayed at MGM Resorts, the result of a breach due to unauthorized access to a cloud server that occurred at the famous Las Vegas hotel and casino last summer. The incident—revealed in a published report on ZDNet...
Cybersecurity Research During the Coronavirus Outbreak and After
Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware...