Critical vulnerability for OpenStack with iSCSI or FC-based volumes
A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on...
High risk Use-after-free flaw in Linux kernel TLS protocol
A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. The assigned CVE to this vulnerability is CVE-2023-0461. This flaw allows a local user to crash or...
13th Thematic CERN School of Computing on Security
Registration to the 13th Thematic CERN School of Computing on Security 2023 is now opened, where members of EGI CSIRT will be actively involved. It will take place in Split from 8th to 14th of October 2023. The theme of the school is "Security of research computing...
Security training at EGI Conference 2023
EGI CSIRT held an interesting and fruitful training and discussions at the EGI Conference 2023. First two sessions covered Threat Intelligence and SOC, and Security in OIDC deployments, followed by a hands-on security training on forensics. Threat Intelligence and the...
Blue team security training
We would like to bring your attention to the Blue team security training, which will take place online by DFN-CERT on 18th of July 2023. You can register on this link: https://connect.geant.org/2023/06/21/geant-security-blue-team-training-online-event Blue teams...
EGI-CSIRT F2F meeting in Poznan
EGI-CSIRT is meeting in person again, this time in Poznan on 19th and 20th of June 2023. Main topics of our discussions include planning future activities, trainings, incident debriefing, security challenge assessment and lessons learned.
