Various Linux kernel vulnerabilities
We would like to point out two vulnerabilities found in the Linux Kernel, that are high risk for our infrastructure. CVE-2020-25211 A buffer overflow vulnerability has been announced by RedHat which may allow a local user to crash the system, compromise data...
Successful security workshop at ISGC 2021
We had a very successful Security Workshop on Monday 22nd March as part of ISGC 2021, including a discussion of the new Trusted CI Framework, the sharing and active use of threat intelligence, and a hands-on container security session. The threat intelligence session...
HTCondor versions 8.9.2 through 8.9.10 vulnerabilities
2 vulnerabilities have been found concerning HTCondor, affecting a limited number of versions. One may allow any authenticated user to impersonate any other user on the Condor system, and potentially reconfigure the HTCondor daemons. The other may allow any...
Security workshop at ISGC 2021
EGI CSIRT will be participating in ISGC 2021, which is taking place online. In particular, as in previous years, we have a Security Workshop - this year we have a half-day workshop taking place on Monday 22nd at 0800 UTC, which will cover trust frameworks, the sharing...
Degraded UMD/CMD infrastructure availability
As circulated via the EGI broadcast tool on the 4th March 2021, we have been made aware of a compromise on the Wordpress instance supporting the frontend of the UMD infrastructure. From what is known at the moment, someone gained access to a test user account with...
EGI CSIRT at the IRIS Security Workshop
EGI CSIRT will be taking part in a security workshop held for the IRIS eInfrastructure, a collaboration of science activities and provider entities driven by the physics communities supported by UKRI STFC in the UK. This workshop is designed to share experience and...
