EGI CSIRT

Computer Security Incident Response Team

MISSION

EGI CSIRT coordinates operational security activities within the EGI Infrastructure to deliver a secure and stable infrastructure, giving scientists and researchers the protection and confidence they require to safely and effectively carry out their research.

Find more about EGI CSIRT

CONTACTS

To report a security incident:

EGI data centres: follow SEC01 and report an incident
Everyone else: abuse@egi.eu

To report a software vulnerability:

report-vulnerability@egi.eu or use this web form
(don’t discuss on open forums)

Or contact us via email

WHAT WE DO

Prevention of security incidents (security monitoring, software vulnerability handling, risk assessment and mitigation)
Incident response
Security policy and procedures
Security Trainings

Find out more about our activities

TRAININGS

Keeping the EGI infrastructure secure requires an understanding of attack and defense techniques that goes beyond the average skill set of system administrators. Security training is vital to guarantee that local teams are able to use available information for a complete incident response. EGI CSIRT has a diverse catalogue of training modules, developed by the team or by partner institutions.

Up to Critical risk of Remote code execution in JupyterLab and Jupyter Notebook

A vulnerability in JupyterLab (CVE-2021-32797) and in Jupyter Notebook (CVE-2021-32798) have been reported and allow untrusted code execution. Sites providing those services should update to the latest version of JupyterLab and Jupyter Notebook. Details can be found...

HTCondor Security Vulnerabilities

Two vulnerabilities in HTCondor have been found, one of them may allow users to run code as another user or read the data accessible to that user's running jobs, which is considered a HIGH risk for EGI infrastructure. Versions 8.8.15, 9.0.4, 9.1.2 contain fixes for...