PuTTY vulnerability vuln-p521-bias

PuTTY tools from 0.68 to 0.80 inclusive have a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server...


CRITICAL risk Vulnerability in xz data compression tools

A CRITICAL risk vulnerability CVE-2024-3094 has been found in recent versions of xz data compression tools. Only a few Linux distributions use the versions affected, which does not include RHEL and its derivatives like RockyLinux and AlmaLinux. Hence most EGI sites...


EGI-CSIRT at ISGC2024 in Taipei

EGI CSIRT will participate in the International Symposium of Grids and Clouds. Together with eduGAIN CSIRT, EGI CSIRT will run an Incident Response tabletop exercise where participants will have to take on the roles of IdP, SP, Federation Operators and solve a fictitious...


SOC Hackathon at CERN

This week, CERN is hosting the second SOC WG Hackathon, a 2.5-day workshop focused on work to deploy Security Operations Centres at R&E organisations through the use of reference designs and documentation. The topics will include: Zeek, MISP, Documentation...


High risk vulnerability in Lustre

HIGH risk vulnerability CVE-2023-51786 has been discovered in Lustre where users may gain access to files and/or folders which they should not have permission to access based on their user or group ID. This may lead to data compromise or possible privilege escalation....


High risk Kernel vulnerabilities in RHEL8

Red Hat released a new kernel version, fixing multiple vulnerabilities in RHEL8, but also some in RHEL7 and RHEL9.

CVE ID/CVSS Score: CVE-2023-4623/7.8, affecting RHEL7, RHEL8, and RHEL9
CVE ID/CVSS Score: CVE-2023-4921/7.8, affecting RHEL7 and RHEL8
CVE ID/CVSS Score...
