Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)
A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]
Automatically Secure AWS Lambda Functions with Upwind
We are excited to announce support for AWS Lambda as a part of Upwind’s agentless Cloud Scanners. Upwind’s protection for Lambda functions running on AWS can be seen throughout the Upwind platform, extending our proactive risk analysis and visibility across your entire cloud infrastructure – from containers to VMs to serverless. What are Lambda Functions? […]
Upwind’s Record-Breaking Sensor Scans 30GB Container Images Using Only 3% of its Image Size
Upwind’s eBPF sensor is lightweight and high performance, which was recently shown in a record-breaking image scan with customer H2O.ai. When scanning H2O.ai’s 30GB container image with multiple dependencies, the Upwind sensor consumed less than 1GB of RAM, about 3% of the image size, demonstrating how Upwind ensures comprehensive runtime security coverage with a lightweight […]
Cloud Ransomware Webinar: Understanding the Threats, Mastering the Defense
Upwind’s research team dives into the latest cloud ransomware threats and top ways to protect your organization. The webinar recording also covers the recent CUPS RCE zero-day vulnerability and looks at how to safeguard your systems.
Upwind Named in Top Ten Cloud, Data & Identity Security Startups to Watch
We are excited to announce that Upwind has been named by CRN as one of the top ten up-and-coming players in the cloud, identity and data security segments. The list features startups founded since 2020 with major announcements or achievements in 2024. Upwind was also recently named as the Fastest Growing AppSec Company in the […]
Upwind’s Comprehensive Protection for AWS ECS Fargate Resources
The Upwind platform includes comprehensive protection for cloud infrastructure and applications, including Amazon Elastic Container Service (ECS) Fargate. AWS Fargate has numerous advantages, but it also presents unique cloud security challenges, which Upwind actively solves with real-time monitoring and protection. In this article, we will cover the basic anatomy of AWS Fargate, challenges that make […]
Upwind CEO Amiram Shachar on NYSE TV
Upwind CEO Amiram Shachar joins NYSE TV to discuss Upwind’s next-generation cloud security platform, including its use of AI and machine learning to ensure comprehensive cloud security.
Seamlessly Protect Infrastructure and Applications on Microsoft Azure with Upwind
The Upwind Cloud Security Platform provides comprehensive protection for infrastructure and applications across any cloud environments, including Microsoft Azure. This includes protection for Azure assets, infrastructure and applications within every capability of the Upwind platform, including: “Upwind seamlessly protects our Azure environment, making it easy to understand our most critical cloud security posture findings, automatically […]
Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations
Remote Code Execution (RCE) in CUPS via ‘cups-browsed’ CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]
Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits
Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in default configuration. There are four vulnerabilities that have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]
