Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations

Remote Code Execution (RCE) in CUPS via ‘cups-browsed’ CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]

Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits

Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in default configuration.  There are four vulnerabilities that have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]

Cloud Heist: How Hackers Lock Accounts and Drain Wallets

Cloud environments have changed how organizations manage their infrastructure, offering flexibility and scalability. But these benefits also bring new risks, and even small mistakes in cloud security can have serious consequences. For example, Google Cloud once accidentally deleted data from a $125 billion Australian pension fund due to a simple configuration error. Although this wasn’t […]

How Adversaries Use Telegram to Evade Detection

In recent years, there has been a significant increase in adversaries exploiting popular messaging apps such as Telegram, Discord, Signal, and others to conceal their malicious activities. Among these platforms, Telegram stands out due to its robust security features, including end-to-end encryption and anonymous account creation, making it a go-to tool for cybercriminals. Overview Most […]

Google Issues Emergency Patch for Chrome Zero-Day (CVE-2024-7965)

Overview On July 30, 2024, a critical zero-day vulnerability (CVE-2024-7965) was discovered in Google Chrome’s V8 JavaScript engine. Google swiftly responded with an emergency patch after confirming that this flaw was being actively exploited in the wild. On August 26, 2024, Google released a new Chrome version addressing this issue that all Chrome users should […]

Understanding Kubernetes Identities, Part 1

When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks. In our latest research, we have explored what Kubernetes identities are, the default identities, the permissions they can have, how to configure these […]

Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster

The Upwind research team is constantly monitoring the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new Unauthenticated Access vulnerability in ArgoCD – CVE-2024-37152. While this is only a moderate CVE, our research team found it as part of a toxic combination that included internet exposure. This combination permitted unauthorized […]

GitLab Releases Critical CVEs Batch

GitLab has released crucial updates for both its Community Edition (CE) and Enterprise Edition (EE) with versions 17.1.1, 17.0.3, and 16.11.5. These updates address multiple high-severity security vulnerabilities, and all GitLab installations must be upgraded to these versions immediately. GitLab.com is already running the patched versions. Run Pipelines as Any User (CVE-2024-5655) This flaw allows […]

regreSSHion: RCE in OpenSSH’s Server on glibc-based Linux Systems (CVE-2024-6387)

OpenSSH is widely known for managing secure shell connections (SSH). However, a recently discovered vulnerability in OpenSSH’s server (sshd), known as regreSSHion, has been identified. If a client does not authenticate within the LoginGraceTime (120 seconds by default, 600 seconds in older versions), sshd’s SIGALRM handler is called asynchronously. This signal handler calls functions that […]