Back to all posts
RSS for Slack
White Kubernetes logo on a pink background with circular patterns. Text below reads, Arbitrary command execution through gitRepo volume (CVE-2024-10220).
Research

Critical Kubernetes gitRepo Volume Vulnerability: CVE-2024-10220

A critical security vulnerability identified as CVE-2024-10220 has been discovered in Kubernetes’ deprecated gitRepo volume type. This vulnerability allows attackers with permissions to create pods using gitRepo volumes to execute arbitrary commands on the host node with root privileges, potentially leading to full system compromise. The gitRepo volume type was designed to clone Git repositories […]

A pink cloud icon with a lock symbol in a smaller circle on a white background, surrounded by concentric circles. The word upwind is in the top left corner.
Research

Ransomware’s Reach: Data Risks, IP Theft, and Encryption Takeover in the Cloud

In our previous article on Cloud Heists, we highlighted how attackers exploit credential theft and privilege escalation to take over cloud environments. However, ransomware poses an even broader threat, targeting cloud platforms to steal sensitive data, disrupt business operations, and hold companies hostage. In this post, we’ll explore these growing ransomware trends and offer insights […]

A pink background with concentric circles features a white bug icon in a circle and text below reading Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534). The word upwind appears in the top right corner.
Research

Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)

A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]

A pink graphic shows a penguin inside a circle, symbolizing Linux, and an icon representing printing. The text reads Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations with the Upwind logo in the top right corner.
Research

Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations

Remote Code Execution (RCE) in CUPS via ‘cups-browsed’ CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]

A stylized image with a pink background features a penguin inside a circle, symbolizing Linux. Next to it is a printer icon. Text reads Critical 9.9 Linux (CUPS) Vulnerability followed by CVE identifiers. The top right corner has the Upwind logo.
Research

Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits

Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in default configuration.  There are four vulnerabilities that have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]

Futuristic graphic featuring a glowing cloud icon at the center of a circular dial with measurement markings. The background has a gradient of blue and gray tones, with the word Upwind in the top right corner.
Research

Cloud Heist: How Hackers Lock Accounts and Drain Wallets

Cloud environments have changed how organizations manage their infrastructure, offering flexibility and scalability. But these benefits also bring new risks, and even small mistakes in cloud security can have serious consequences. For example, Google Cloud once accidentally deleted data from a $125 billion Australian pension fund due to a simple configuration error. Although this wasn’t […]

A pink background with a white bug icon in the center, symbolizing a vulnerability. Text below reads: Jenkins Agents Remote Code Execution Vulnerability (CVE-2024-43044). The word Upwind is in the top right corner.
Research

Jenkins Agents Remote Code Execution Vulnerability (CVE-2024-43044)

A critical remote code execution (RCE) vulnerability, identified as CVE-2024-43044, has been discovered in Jenkins, one of the most widely used automation servers. The vulnerability resides in the ClassLoaderProxy#fetchJar method and could allow attackers to compromise Jenkins environments by exploiting unrestricted file path requests from agents to the Jenkins controller. Understanding CVE-2024-43044 CVE-2024-43044 is a […]

A pink and white sunburst pattern with a central white paper airplane icon in a pink circle. The top left corner has the text upwind in black.
Research

How Adversaries Use Telegram to Evade Detection

In recent years, there has been a significant increase in adversaries exploiting popular messaging apps such as Telegram, Discord, Signal, and others to conceal their malicious activities. Among these platforms, Telegram stands out due to its robust security features, including end-to-end encryption and anonymous account creation, making it a go-to tool for cybercriminals. Overview Most […]

Colorful illustration of six clownfish swimming among purple sea anemones on a blue background with bubbles. The word Upwind is displayed in white text in the top right corner.
Research

Understanding Kubernetes Identities Part 2: Escalation Paths

In Kubernetes, understanding identity escalation paths is crucial for managing security risks effectively. This blog post delves into defining highly privileged identities and exploring potential privilege escalation paths using highly privileged permissions. Definition of a Highly Privileged Identity in Kubernetes In Kubernetes, a highly privileged identity refers to entities such as users or service accounts […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.