Deep Dive: CVE-2024-37902 and Potential Impact on DeepJavaLibrary Users
AWS announced today, June 17, that there is a potential security issue with archive extraction utilities in DeepJavaLibrary versions 0.1.0 through 0.27.0 that could allow an attacker to tamper with your system. What is DeepJavaLibrary? DJL is a free, open-source library by AWS used for building deep learning models in Java. It provides easy-to-use tools […]
Prioritize & Eliminate Critical Risks with Upwind
Upwind brings a new approach that redefines the speed, visibility and actionability of cloud security, cutting 95% of alert noise to help you focus on your most critical risks. The Upwind Cloud Security Platform gives you the ability to: Accelerate productivity and empower your Dev, Security, and DevOps teams to innovate within a secure & […]
Master Risk Prioritization by Leveraging Insights into Runtime Facts & Critical Cloud Misconfigurations
In today’s increasingly cloud-centric business landscape, securing your cloud environment is crucial. The growth and dynamic nature of attack surfaces often make it difficult for security teams to identify and address their most critical risks, resulting in a lack of clear prioritization and delaying remediation. Upwind’s Cloud Security Platform actively addresses this challenge by leveraging […]
Evaluate Your Vulnerability Resolution Over Time
We are excited to announce a new section in the Upwind Platform – the Vulnerability Dashboard. The Vulnerability Dashboard will give you the ability to see both an overview of your current critical vulnerabilities and the state of your vulnerabilities over time. Get an instant overview of your current vulnerabilities, including: The Vulnerability Dashboard will […]
Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability
In recent weeks, Upwind’s research team dug into Argo CD, our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities. These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]
Reduce Attack Surfaces with Distroless Images – Part 1
Upwind pioneered a method to streamline patch management and significantly reduce vulnerabilities for Upwind users through leveraging runtime data. When it’s challenging to eliminate unneeded binaries and artifacts from applications, there are two strategies available: Both approaches aim to minimize image size and reduce the attack surface, while Distroless images require no patching, no upgrading […]
Visualize Internet Exposure Paths in Real-Time
We are excited to announce a new capability – real-time Internet exposure path visualization. This new capability visualizes exposure paths from the Internet for AWS resources, showing you the entire exposure path through Internet gateways, routing tables, security groups and load balancers. This gives you the ability to identify attack paths and better prioritize vulnerabilities […]
Runtime-based Risk Augmentation in Your Cloud Infrastructure Topology
We’re excited to announce a major capability in our runtime topology map that will now include risk overview context icons and new filter capabilities. Using these new capabilities, you can view each resource’s risk overview at a glance with built-in icons on the topology map. This allows you to rapidly filter and locate at-risk resources […]
Upwind’s SBOM Explorer – Your Weapon for the Next 0-day Attack
We are excited to announce a new feature – Upwind’s Packages Tab. You can now view all of the packages in your environment and their dependencies in Upwind’s Packages Tab. This serves as an SBOM explorer, as it includes all packages (with or without vulnerabilities). With this capability, you can now search for all packages, […]
Automatically Find Exposed Secrets Across Your Cloud Workloads
Supercharge your cloud security with Upwind’s Exposed Secrets scanning! Exposed secrets include: Exposed secrets can cause serious damage to your organization if they fall into the wrong hands, potentially giving bad actors the opportunity to use these tokens to gain broader access to sensitive data and critical infrastructure. To keep this from happening, Upwind now […]
