RSS for Slack
All Posts

How We Impersonated Cloud Code by Google Cloud and Took Over GCP Accounts

The Upwind security research team is constantly examining threat landscapes and potential attack paths. In one of our recent searches, we discovered an anomaly in the authentication behavior of Google Developer tools that security practitioners should be aware of.  We discovered this threat landscape by running scans on GCP Cloud Code, during which we found […]


CVE-2024-3094: How to Protect Against the SSHD Backdoor Found in XZ Utilities

CVE: CVE-2024-3094 Affected versions: 5.6.0, 5.6.1 Affected Distributions: Fedora 41, Fedora Rawhide, Alpine, openSUSE, Debian experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1. On March 29, 2024, CISA warned of a malicious backdoor in the popular data compression software library XZ Utils. The vulnerability has been designated as CVE-2024-3094, and has been assigned a CVSS (Common Vulnerability […]


Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability

In recent weeks, Upwind’s research team dug into Argo CD, our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities.  These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]


Evaluating Microsoft’s Cyber Hack

Russian state-sponsored threat actor Nobelium recently attacked Microsoft and hacked numerous accounts using a password-spray attack. This allowed them to access a test account and gain access to Microsoft corporate email accounts, including senior leaders. After gaining access, they were able to operate within Microsoft’s infrastructure for more than two months before being discovered.

This indicates a total unawareness of how infrastructure and applications are behaving at runtime, highlighting the importance of runtime data in cloud security.

Leveraging runtime data is the key to securing your cloud infrastructure and applications. With runtime insights, you can identify anomalous human and machine activities and suspicious behavior in real time and quickly take steps to block it, rather than finding out days – or in Microsoft’s case – months later.

Learn more about how Upwind provides protections and controls at runtime:

Make 2024 your year of real-time cloud security.

Read More

Reduce Attack Surfaces with Distroless Images – Part 1

Upwind pioneered a method to streamline patch management and significantly reduce vulnerabilities for Upwind users through leveraging runtime data. When it’s challenging to eliminate unneeded binaries and artifacts from applications, there are two strategies available: Both approaches aim to minimize image size and reduce the attack surface, while Distroless images require no patching, no upgrading […]


A New Deadly Combination in Nginx

Recently a deadly combination of vulnerabilities emerged, posing a severe threat to Kubernetes clusters utilizing Ingress-Nginx. By exploiting three critical vulnerabilities: attackers can execute arbitrary code and escalate privileges, all with access to the Nginx Annotation object. These vulnerabilities have been confirmed in both NGINX and Kubernetes/Ingress-Nginx, as reported by Google and various GitHub issues. […]


Why Talking with Generative AI Might Be Dangerous

Large Language Models (LLMs) have emerged as game-changers in the rapidly evolving realm of artificial intelligence. While LLMs promise revolutionary capabilities such as analyzing vast datasets, mastering language nuances, and predicting user behavior, they also raise multiple security concerns that users should be aware of.  Spotlight: LangChain, the MVP of LLM-Driven Applications LangChain is a […]


Apache Pinot Vulnerability: Everything You Need to Know About the 900 Associated CVEs

During CVE research at Upwind, we encountered an unfamiliar Apache service known as Apache Pinot. Apache Pinot is a real-time distributed OnLine Analytical Processing (OLAP) datastore specifically designed to deliver low-latency responses to OLAP queries. The Apache Pinot architecture is comprised of four key components: Why Use Apache Pinot? Organizations implement Apache Pinot to enhance […]


WebP Zero-Day: Everything You Need to Know About Libwebp 

This month, the Citizen Lab at The University of Toronto’s Munk School and Apple Security Engineering and Architecture (SEA) opened two critical vulnerabilities related to WebP images and Google’s webmproject/libwebp library.  So, what is Libwebp?  Libwebp is a commonly used library used to render WebP images.  WebP is a modern image format that provides superior […]

Add the Upwind
RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.