Easily Prioritize Vulnerabilities Based on Real Environmental Risks with Upwind

Flowchart with a central icon and surrounding elements: trophy, bug, database, microchip, brackets, fingerprint, lock, and star. Lines connect each icon to the center, illustrating interconnectedness. Upwind logo in the top left corner.

We are excited to announce a significant enhancement to Upwind’s vulnerability management capabilities – prioritization of vulnerabilities based on highly privileged identities and sensitive data context. Upwind has always deeply prioritized vulnerabilities based on real-world context, correlating them with CI/CD and DevOps context to provide end-to-end visibility and protection.  With this latest enhancement, Upwind now also […]

Location and Paths Forensics for your Vulnerability Findings

A grid of light purple shopping bag icons with one prominent dark purple bag icon in the center. The word upwind is in the top left corner. The background is white with a mix of solid and outlined icons.

We are excited to introduce a new functionality in the Upwind platform that directly addresses a key challenge in vulnerability management: quickly pinpointing the location of specific package versions. With this enhancement, you can now effortlessly track where your vulnerabilities reside, eliminating guesswork and speeding up your response time. Understanding the full impact and scope […]

Introducing The Next Generation of Shift Left Security, Powered by Runtime

Diagram showing a grid of 25 pink circles with warning symbols on the left transforming into a grid of 25 circles with only two pink warning symbols on the right. Arrows indicate transition from left to right. Upwind is in the top left corner.

Today, we’re thrilled to introduce Upwind Shift Left – a major new capability in the Upwind platform that brings the power of runtime intelligence to CI/CD pipelines, transforming how teams secure their software at every step. By marrying real-world runtime context with build-time best practices, this next-generation solution redefines shift left for modern cloud security. […]

Proactively Secure Your Kubernetes With Upwind’s Vulnerability Management

Illustration of a shipping container with a Kubernetes logo, labeled MyPod, illuminated by a spotlight. The scene has a digital, futuristic feel with a dark blue and white color scheme. The word Upwind is in the top right corner.

Upwind’s runtime vulnerability management leverages real-time, runtime insights and correlates them with CI/CD and DevOps context, giving you end-to-end visibility and protection for Kubernetes and associated workloads.  Upwind’s vulnerability management intelligently prioritizes your most critical vulnerabilities based on real environmental factors, cutting out around 95% of alert noise to focus on the risks that pose […]

Deep Dive: CVE-2024-37902 and Potential Impact on DeepJavaLibrary Users

A warning sign labeled DJL DeepJavaLibrary CVE-2024-37902 stands on a sandy beach with palm trees. In the background, a large wave crashes, and a surfboard is visible in the surf.

AWS announced today, June 17, that there is a potential security issue with archive extraction utilities in DeepJavaLibrary versions 0.1.0 through 0.27.0 that could allow an attacker to tamper with your system. What is DeepJavaLibrary? DJL is a free, open-source library by AWS used for building deep learning models in Java. It provides easy-to-use tools […]

Prioritize & Eliminate Critical Risks with Upwind

Upwind brings a new approach that redefines the speed, visibility and actionability of cloud security, cutting 95% of alert noise to help you focus on your most critical risks. The Upwind Cloud Security Platform gives you the ability to: Accelerate productivity and empower your Dev, Security, and DevOps teams to innovate within a secure & […]

Master Risk Prioritization by Leveraging Insights into Runtime Facts & Critical Cloud Misconfigurations

A surfboard labeled CI floats in the center of a circular formation of sharks, silhouetted against a blue background with a light gradient. The word upwind is in the top right corner.

In today’s increasingly cloud-centric business landscape, securing your cloud environment is crucial. The growth and dynamic nature of attack surfaces often make it difficult for security teams to identify and address their most critical risks, resulting in a lack of clear prioritization and delaying remediation. Upwind’s Cloud Security Platform actively addresses this challenge by leveraging […]

Evaluate Your Vulnerability Resolution Over Time

A promotional graphic for Upwind featuring the text Evaluate Your Vulnerability Resolution Over Time. It shows colorful umbrellas and abstract shapes against a gradient blue to sand-colored background.

We are excited to announce a new section in the Upwind Platform – the Vulnerability Dashboard.  The Vulnerability Dashboard will give you the ability to see both an overview of your current critical vulnerabilities and the state of your vulnerabilities over time.  Get an instant overview of your current vulnerabilities, including: The Vulnerability Dashboard will […]

Upwind takes over ArgoCD and an EKS Cluster Using Only A Simple CSRF Vulnerability

Illustration of a smiling cartoon character with headphones emerging from a hole in sandy terrain, resembling a computer vulnerability. Text reads ArgoCD Vulnerability with a subtitle about exploiting a CSRF vulnerability to take over ArgoCD and EKS clusters.

In recent weeks, Upwind’s research team dug into Argo CD, our research revealed two batches of vulnerabilities, specifically critical security vulnerabilities in Argo CD, including Cross-Site Request Forgery (CSRF) impacting GET, POST, and PUT requests, and Remote Code Execution (RCE) capabilities.  These vulnerabilities opened doors to unauthorized exposure and manipulation of sensitive data within Kubernetes […]