Security workshop at ISGC 2021
EGI CSIRT will be participating in ISGC 2021, which is taking place online. In particular, as in previous years, we have a Security Workshop - this year we have a half-day workshop taking place on Monday 22nd at 0800 UTC, which will cover trust frameworks, the sharing...
Degraded UMD/CMD infrastructure availability
As circulated via the EGI broadcast tool on the 4th March 2021, we have been made aware of a compromise on the Wordpress instance supporting the frontend of the UMD infrastructure. From what is known at the moment, someone gained access to a test user account with...
EGI CSIRT at the IRIS Security Workshop
EGI CSIRT will be taking part in a security workshop held for the IRIS eInfrastructure, a collaboration of science activities and provider entities driven by the physics communities supported by UKRI STFC in the UK. This workshop is designed to share experience and...
Kobalos malware – a new threat to HPC systems
An international data security firm, ESET, has published a report of a malware called Kobalos, a tiny, yet complex Linux and Unix threat, targeting supercomputing clusters. The ESET report describes Kobalos as a backdoor that works on Linux and Unix. Some compromised...
Sudo privilege escalation vulnerability CVE-2021-3156
The Qualys Research Team has discovered a vulnerability in sudo, CVE-2021-3156. Patches are already available in the vendor repositories. Any unprivileged user can gain root privileges. The vulnerability is present in all legacy versions from 1.8.2 to 1.8.31p2 and all...
dCache file ownership vulnerability
In the end of November, a vulnerability has been discovered in dCache service, which may in some circumstances allow an unauthenticated person to change file ownership, view and delete arbitrary files. The vulnerability has been fixed in dCache versions 6.2.10,...
