Crypto miners
The EGI CSIRT has recently had several reports of malicious activities, where parts of infrastructures have been infected with cryptomining software. Crypto miners are tools that generate cryptocurrency, like Bitcoin. As these can generate profit relatively easily, it...
Vulnerabilities in Slurm’s authentication handling
Slurm has fixed 3 vulnerabilities in their new release, including CVE-2022-29500 in the authentication handling, which may allow an unprivileged user to impersonate the SlurmUser account. This vulnerability is considered critical. The fix is available in versions...
EGI CSIRT meeting in Lyon
From 23rd to 24th of May 2022, the IN2P3 computing centre in Lyon will host the next EGI CSIRT F2F meeting, where we will discuss our operational tasks, prepare the content for the upcoming trainings and verify our security procedures and policies. Other security topics...
Two Linux kernel vulnerabilities: CVE-2021-4028, CVE-2021-4083
Two flaws were found in the Linux kernel (CVE-2021-4028, CVE-2021-4083). Both may allow privilege escalation on the system. Even though exploitation is not very likely, sites are advised to upgrade the kernel as soon as possible. The SVG advisory is published on this page.
Vulnerabilities concerning expat XML parser
Vulnerabilities have been found concerning the expat XML parser, including two which may lead to arbitrary code execution (CVE-2022-25235, CVE-2022-25236). The expat XML parser is a library, written in C, which is a dependency for various other software. Details are...
Critical risk vulnerabilities in Java 15 and later
A vulnerability has been found in Java (CVE-2022-21449), involving Improper Verification of Cryptographic Signature. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data. The details can be...

