Arbitrary file access through custom S3 XML entities in Swift’s XML parser
A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. See more...
Security workshop at ISGC in Taipei
EGI CSIRT ran a successful full-day security workshop at the ISGC conference that took place from 19th to 24fh of March 2023 in Taipei. The focus was on Threat intelligence and security operations, Risk Management and Security Challenge that was prepared by the EGI...
Multiple NVIDIA GPU vulnerabilities
NVIDIA has announced several vulnerabilities in the NVIDIA GPU display driver. Affected sites should upgrade as soon as possible. See more in the Advisory-SVG-CVE-2023-0189
Security challenge coming up
In February 2023 EGI CSIRT ran a security communication challenge which enabled verifying the security contact list. This is an important preparation part of the incident response. At the end of the month, EGI CSIRT is about to run a security challenge which will...
Joint F2F meeting in Prague
A joint face to face meeting of the EGI CSIRT / EGI-ACE T7.5 / EOSC-Future T7.5 activities was held between 16th-18th January in Prague. This very productive meeting focused both on current work and on the future development of these activities in the coming years,...
Successful security workshop in Edinburgh
On the 11th of January, members of EGI CSIRT delivered a lively and well-received security workshop for the IRIS digital research infrastructure in the UK. This workshop focused on security architecture and risk management, building on work on materials from the...
