Critical vulnerability in Microsoft Outlook
There is a critical zero click vulnerability in Microsoft Outlook, CVE-2024-30103, which enables remote code execution. When exploited, this vulnerability can enable an attacker to execute arbitrary code on the system, leading to data breaches, unauthorised access and...
EGI-CSIRT at The France Grilles technical workshop
France Grilles GIS organised a technical workshop from 3 to 5 June 2024. Baptiste Grenier, Senior Service Delivery Officer and Information Security Manager at the EGI Foundation, also member of EGI CSIRT, took part in the meeting with a presentation during the “Le...
High risk vulnerability in glibc CVE-2024-2961
A HIGH risk vulnerability CVE-2024-2961 has been found concerning glibc where an out-of-bounds write flaw in the ISO-2022-CN-EXT plugin for glibc’s iconv library may allow remote code execution See: https://advisories.egi.eu/Advisory-EGI-SVG-2024-10
EGI-CSIRT at NeIC Conference 2024
NeIC Conference 2024 took place at Tallinn from 27th to 29th of May. In the Containers in HPC session, EGI-CSIRT had a talk on Secure Usage of Containers in the HPC environment. We have discussed the security aspects of using containers and the ways in which container...
CRITICAL risk Netfilter vulnerability CVE-2024-1086
A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when...
EGI-CSIRT at ISC 2024
EGI-CSIRT participated in the ISC High Performance Conference 2024 with a presentation on User Namespaces, are they good, bad or evil? The use of user namespaces reduces the attack surface in the event of a compromise, it allows isolation of the workload, but the...
