![](https://www.upwind.io/wp-content/uploads/2024/07/k8s-identities_-1024x615.png)
Understanding Kubernetes Identities, Part 1
When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks. In our latest research, we have explored what Kubernetes identities are, the default identities, the permissions they can have, how to configure these […]
![](https://www.upwind.io/wp-content/uploads/2024/06/ArgoCD-Vuln-c-1024x576.png)
Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster
The Upwind research team is constantly monitoring the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new Unauthenticated Access vulnerability in ArgoCD – CVE-2024-37152. While this is only a moderate CVE, our research team found it as part of a toxic combination that included internet exposure. This combination permitted unauthorized […]
![](https://www.upwind.io/wp-content/uploads/2024/07/Gitlab-1024x615.png)
GitLab Releases Critical CVEs Batch
GitLab has released crucial updates for both its Community Edition (CE) and Enterprise Edition (EE) with versions 17.1.1, 17.0.3, and 16.11.5. These updates address multiple high-severity security vulnerabilities, and all GitLab installations must be upgraded to these versions immediately. GitLab.com is already running the patched versions. Run Pipelines as Any User (CVE-2024-5655): This flaw allows […]
![](https://www.upwind.io/wp-content/uploads/2024/07/openssh-1024x615.png)
regreSSHion: RCE in OpenSSH’s Server on glibc-based Linux Systems (CVE-2024-6387)
OpenSSH is widely known for managing secure shell connections (SSH). However, a vulnerability known as regreSSHion was recently discovered in OpenSSH’s server (sshd). If a client does not authenticate within the LoginGraceTime (120 seconds by default, 600 seconds in older versions), sshd’s SIGALRM handler is called asynchronously. This signal handler calls functions that […]
![](https://www.upwind.io/wp-content/uploads/2024/06/DJL-1024x615.png)
Deep Dive: CVE-2024-37902 and Potential Impact on DeepJavaLibrary Users
AWS announced today, June 17, that there is a potential security issue with archive extraction utilities in DeepJavaLibrary versions 0.1.0 through 0.27.0 that could allow an attacker to tamper with your system. What is DeepJavaLibrary? DJL is a free, open-source library by AWS used for building deep learning models in Java. It provides easy-to-use tools […]
![](https://www.upwind.io/wp-content/uploads/2024/05/k8s-recon-1-1024x615.png)
How Attackers Use Kubernetes for Reconnaissance
There has been a notable increase in Kubernetes-focused attacks in recent years with the growing adoption of Kubernetes in production environments. According to various reports from cybersecurity firms, Kubernetes vulnerabilities and misconfigurations have become a prime target for attackers, with a significant rise in the number of reported incidents. This highlights the importance of robust […]
![](https://www.upwind.io/wp-content/uploads/2024/04/Google-Cloud-Code_-1024x615.png)
How We Impersonated Cloud Code by Google Cloud and Took Over GCP Accounts
The Upwind security research team is constantly examining threat landscapes and potential attack paths. In one of our recent searches, we discovered an anomaly in the authentication behavior of Google Developer tools that security practitioners should be aware of. We discovered this threat landscape by running scans on GCP Cloud Code, during which we found […]
![](https://www.upwind.io/wp-content/uploads/2024/03/xz-utils--1024x615.png)
CVE-2024-3094: How to Protect Against the SSHD Backdoor Found in XZ Utilities
CVE: CVE-2024-3094. Affected versions: 5.6.0, 5.6.1. Affected distributions: Fedora 41, Fedora Rawhide, Alpine, openSUSE, Debian experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1. On March 29, 2024, CISA warned of a malicious backdoor in the popular data compression software library XZ Utils. The vulnerability has been designated as CVE-2024-3094, and has been assigned a CVSS (Common Vulnerability […]
![](https://www.upwind.io/wp-content/uploads/2024/03/NAT_Gateway-1024x615.png)
Optimizing AWS Infrastructure Costs with Upwind: A Deep Dive into NAT Gateway Savings
It’s easy to see the benefits of Upwind’s runtime solution for network mapping when it comes to security. Here, we want to talk about an additional use case – cost savings. In the world of cloud computing, managing costs while ensuring optimal performance is a balancing act that many organizations face. An often overlooked aspect of […]
![](https://www.upwind.io/wp-content/uploads/2024/02/argocd-csrf-vuln-2-1024x576.png)
Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability
In recent weeks, Upwind’s research team dug into Argo CD. Our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities. These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]