EGI CSIRT on Thematic CERN School on Security
Thematic CERN school of computing is taking place in Split from 19th to 25th of June 2022, EGI CSIRT prepared some interesting lectures and security exercises on Security Operations, Architecture security, Risk assessment, Logging and Traceability, Cloud and container...
Crypto miners
The EGI CSIRT has recently had several reports of malicious activities, where parts of infrastructures have been infected with cryptomining software. Crypto miners are tools that generate cryptocurrency, like Bitcoin. As these can generate profit relatively easily, it...
Vulnerabilities in Slurm’s authentication handling
Slurm has fixed 3 vulnerabilities in their new release, including CVE-2022-29500 in the authentication handling which may allow un unprivileged user to impersonate the SlurmUser account. This vulnerability is considered as critical. The fix is available in versions...
EGI CSIRT meeting in Lyon
From 23rd to 24th of May 2022, IN2P3 computing centre in Lyon will host the next EGI CSIRT F2F meeting, where we will discuss our operational tasks, prepare the content for the upcoming trainings and verify our security procedures and policies. Other security topics...
Two Linux kernel vulnerabilities: CVE-2021-4028, CVE-2021-4083
2 flaws were found in the linux kernel (CVE-2021-4028, CVE-2021-4083). Both may allow privilege escalation on the system. Eventhough the exploit is not very likely to happen, sites are advised to upgrade the kernel asap. SVG advisory is published on this page.
Vulnerabilities concerning expat XML parser
Vulnerabilities have been found concerning the expat XML parser, including two which may lead to arbitrary code execution (CVE-2022-25235, CVE-2022-25236). The expat XML parser is a library, written in C, which is a dependency for various other software. Details are...
