CVE-2024-3094: How to Protect Against the SSHD Backdoor Found in XZ Utilities

CVE: CVE-2024-3094 Affected versions: 5.6.0, 5.6.1 Affected Distributions: Fedora 41, Fedora Rawhide, Alpine, openSUSE, Debian experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1. On March 29, 2024, CISA warned of a malicious backdoor in the popular data compression software library XZ Utils. The vulnerability has been designated as CVE-2024-3094, and has been assigned a CVSS (Common Vulnerability […]

Evaluate Your Vulnerability Resolution Over Time

We are excited to announce a new section in the Upwind Platform – the Vulnerability Dashboard.  The Vulnerability Dashboard will give you the ability to see both an overview of your current critical vulnerabilities and the state of your vulnerabilities over time.  Get an instant overview of your current vulnerabilities, including: The Vulnerability Dashboard will […]

WebP Zero-Day: Everything You Need to Know About Libwebp 

This month, the Citizen Lab at The University of Toronto’s Munk School and Apple Security Engineering and Architecture (SEA) opened two critical vulnerabilities related to WebP images and Google’s webmproject/libwebp library.  So, what is Libwebp?  Libwebp is a commonly used library used to render WebP images.  WebP is a modern image format that provides superior […]

Filter Out the Noise And Focus on the Vulnerabilities that Actually Matter

We’re excited to release an important capability for our Runtime Vulnerability management. Starting today, you can view an end-to-end funnel of your vulnerabilities, apply critical filters to your vulnerabilities data and answer these tough questions within seconds:  You can now customize your vulnerability reports and filter vulnerabilities that are in use, Internet facing, have a […]