Docker symlink-race attack CVE-2018-15664
Docker has been found vulnerable to a symlink-race attack in the API behind "docker cp". Some information on this has been published publicly already. Attackers can gain read-write access to the host filesystem with root privileges. A patch is not available yet, one...
EGI CSIRT at the HEP System Managers meeting
The HEP System Managers meeting is a traditional event to gather administrators responsible for high-energy IT resources in UK to share experience and discuss current topics. The last HEP SYSMAN meeting took place at the Rutherford Appleton Laboratory on the Harwell...
Microarchitectural Data Sampling (MDS) vulnerabilities
After several hardware-level security vulnerabilities Meltdown, Spectre, Speculative Store Buffet Bypass and Foreshadow, Intel has released information about a new group of security vulnerabilities, called MDS aka "RIDL" aka "Fallout" aka "Zombieland" affecting most...
EGI-CSIRT presentations at the EGI Conference
Last week EGI Conference took place in Amsterdam. EGI-CSIRT had two interesting talks on cloud security and federated security. Both presentations are available online: Information Security 3: Who you gonna call by David Groep Security in a cloud environment by David...
Security Forensics Training at EGI Conference 2019
You are all welcome to join us at the Security Forensics Training at the EGI conference, which will take place in Amsterdam from 6th to 8th of May 2019. The Security Training will address aspects of the recent Service Security Challenge run against the EGI...
Taipei security workshop presentations
In the end of March 2019, EGI CSIRT had a full-day security workshop at the International Symposium on Grids & Clouds 2019 (ISGC 2019) in Taipei, focusing on network monitoring, incident response and forensics. Security workshop materials are now available online:...
