What is a software vulnerability and what to do if you find one?
A software vulnerability is a weakness in software which could allow actions to be carried out which are not intended. This may be the usage of resources, access to data, destruction or encryption of data (e.g. ransomware). A software vulnerability in software...
EGI CSIRT meeting in Ljubljana
Another very busy EGI CSIRT meeting in beautiful Ljubljana, thanks a lot to JSI for having us! Besides the great hospitality, the CSIRT enjoyed discussions on lessons learned from the latest incidents, how to improve our view on things in the EGI infrastructure, as...
Docker symlink-race attack CVE-2018-15664
Docker has been found vulnerable to a symlink-race attack in the API behind "docker cp". Some information on this has already been published. Attackers can gain read-write access to the host filesystem with root privileges. A patch is not available yet, one...
EGI CSIRT at the HEP System Managers meeting
The HEP System Managers meeting is a traditional event to gather administrators responsible for high-energy IT resources in the UK to share experience and discuss current topics. The last HEP SYSMAN meeting took place at the Rutherford Appleton Laboratory on the Harwell...
Microarchitectural Data Sampling (MDS) vulnerabilities
After several hardware-level security vulnerabilities (Meltdown, Spectre, Speculative Store Bypass and Foreshadow), Intel has released information about a new group of security vulnerabilities, called MDS aka "RIDL" aka "Fallout" aka "ZombieLoad", affecting most...
Vulnerabilities in systemd-journald
A set of vulnerabilities in systemd-journald, which can be used for root privilege escalation, has been reported by Qualys. Information about the vulnerabilities can be found in our advisory.

