Kobalos malware – a new threat to HPC systems
An international data security firm, ESET, has published a report of a malware called Kobalos, a tiny, yet complex Linux and Unix threat, targeting supercomputing clusters. The ESET report describes Kobalos as a backdoor that works on Linux and Unix. Some compromised...
Sudo privilege escalation vulnerability CVE-2021-3156
The Qualys Research Team has discovered a vulnerability in sudo, CVE-2021-3156. Patches are already available in the vendor repositories. Any unprivileged user can gain root privileges. The vulnerability is present in all legacy versions from 1.8.2 to 1.8.31p2 and all...
dCache file ownership vulnerability
In the end of November, a vulnerability has been discovered in dCache service, which may in some circumstances allow an unauthenticated person to change file ownership, view and delete arbitrary files. The vulnerability has been fixed in dCache versions 6.2.10,...
Operational Security Training: DDoS attacks
The next GEANT training module of the Operational Security Training is coming up, containing 4 sessions which will take place from 8th to 17th of February 2021. This training module covers DDoS attacks. The most common attacks will be presented with ways how to detect...
New year and time for a new EGI CSIRT F2F meeting
The first EGI CSIRT virtual F2F meeting in the year 2021 will take place from 25th to 26th of January. The usual topics on the schedule will be software vulnerability handling, security policy making and past security incidents debriefing. We will also focus on the...
Operational network security training: DNS
GÉANT organizes the third module in the “Operational network security” training programme, which will be dedicated to the Domain Name System. The training encompasses 4 sessions, scheduled between 30th of November and 10th of December 2020 and it is available to...
