EGI CSIRT Workshop on Information Security Risk management
On the 13th and 14th of February, EGI CSIRT organised a Workshop on Information Security Risk management, which took place in Amsterdam. Information security risk management (ITSRM) is a crucial process for identifying, assessing, and mitigating the risks that...
Leaky Vessels: HIGH risk vulnerability in runc
A vulnerability CVE-2024-21626 in a core container infrastructure component, 'runc' has been discovered, that allows container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating system from within the...
HIGH risk array indexing vulnerability in netfilter
An array indexing vulnerability CVE-2023-42753 was found in the netfilter subsystem of the Linux kernel, which may allow a local user to crash the system or potentially escalate their privileges on the system. PoC for this vulnerability is publicly available. Details...
EGI-CSIRT first F2F meeting in 2024
The EGI CSIRT traditionally meets in Prague for the first F2F meeting in the year. The discussions in this meeting will cover our core activities (handling software vulnerabilities, incident response, security monitoring and others), our security policies and...
Terrapin
A new vulnerability in the SSH cryptographic network protocol has been discovered (CVE-2023-48795) that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The vulnerability has been found in OpenSSH before...
Intel processor vulnerability CVE-2023-23583
A security vulnerability CVE-2023-23583 was found in some Intel processors potentially allowing privilege escalation, information disclosure and/or a denial of service via local access. See more about this vulnerability in our SVG Advisory.
