EGI CSIRT at the IRIS Security Workshop

EGI CSIRT will be taking part in a security workshop held for the IRIS eInfrastructure, a collaboration of science activities and provider entities driven by the physics communities supported by UKRI STFC in the UK. This workshop is designed to share experience and...

Kobalos malware – a new threat to HPC systems

An international data security firm, ESET, has published a report on malware called Kobalos, a tiny yet complex Linux and Unix threat targeting supercomputing clusters. The ESET report describes Kobalos as a backdoor that works on Linux and Unix. Some compromised...

Sudo privilege escalation vulnerability CVE-2021-3156

The Qualys Research Team has discovered a vulnerability in sudo, CVE-2021-3156. Patches are already available in the vendor repositories. Any unprivileged user can gain root privileges. The vulnerability is present in all legacy versions from 1.8.2 to 1.8.31p2 and all...

dCache file ownership vulnerability

At the end of November, a vulnerability was discovered in the dCache service which may, in some circumstances, allow an unauthenticated person to change file ownership and to view and delete arbitrary files. The vulnerability has been fixed in dCache versions 6.2.10,...

Operational Security Training: DDoS attacks

The next GEANT training module of the Operational Security Training is coming up, containing 4 sessions which will take place from the 8th to the 17th of February 2021. This training module covers DDoS attacks. The most common attacks will be presented with ways to detect...

New year and time for a new EGI CSIRT F2F meeting

The first EGI CSIRT virtual F2F meeting of 2021 will take place from the 25th to the 26th of January. The usual topics on the schedule will be software vulnerability handling, security policy making and debriefing of past security incidents. We will also focus on the...