WebP Zero-Day: Everything You Need to Know About Libwebp
This month, the Citizen Lab at The University of Toronto’s Munk School and Apple Security Engineering and Architecture (SEA) opened two critical vulnerabilities related to WebP images and Google’s webmproject/libwebp library. So, what is Libwebp? Libwebp is a commonly used library used to render WebP images. WebP is a modern image format that provides superior […]
Filter Out the Noise And Focus on the Vulnerabilities that Actually Matter
We’re excited to release an important capability for our Runtime Vulnerability management. Starting today, you can view an end-to-end funnel of your vulnerabilities, apply critical filters to your vulnerabilities data and answer these tough questions within seconds:
- Is the package loaded into memory or actively in use?
- Is the package exposed to the Internet?
- Is remote execution possible?
- Is there active ingress or egress traffic related to the package?
- Does the package have access to sensitive data?
- Is there an available exploit for the vulnerability?
- Is a vendor-supplied fix available?
You can now customize your vulnerability reports and filter vulnerabilities that are in use, Internet facing, have a fix available and are exploitable – helping you rapidly filter and prioritize the alerts that actually matter to your organization.
Use Upwind’s Vulnerability Funnel to run custom reports by vulnerability, image or resource type and streamline your remediation by getting highly personalized alert information to the right members of your security team, in record time.
Leverage Runtime Data to Govern Your Database Network Access
We are excited to announce that Upwind has now added enrichment to RDS clusters and Google Cloud SQL in our context-rich topology map, leveraging runtime data to let you govern your database network access. The Upwind platform has always shown communication to RDS, but starting now, the map will drill down into the specific databases your assets communicate with and provide you with rich visualization and context on the topology map. Get even more visibility and view your RDS clusters and instances with mile-deep context, in real-time.
Upwind’s Runtime-Powered Threat Detection
As organizations move to the cloud and put their mission-critical applications and most sensitive information in the cloud, adversaries target it and are using AI to compromise companies in hours, making the issue of threats and attempted cloud attacks a question of “when” not “if.” IBM’s Cost of a Data Breach Report in 2022 showed that 45 […]
Workflow Automation Support For Jira
We are excited to announce Upwind’s Jira integration, connecting your workflows for faster remediation. You can now make a Jira ticket for all Upwind threat and vulnerability detections, allowing you to get vital information to the right person, with the right context, in record time. For more information on how to use the Upwind platform and use the Jira integration, contact us at [email protected].
Connect Multiple Accounts using CloudFormation StackSets
Mass onboarding & automation with ease: connecting multiple AWS accounts using CloudFormation StackSets. You can now connect multiple cloud accounts using CloudFormation StackSets, making it a seamless process to connect to your environment and integrate with it.
This feature focuses on ease of use, making it easier than ever to deploy Upwind across your cloud and receive mile-deep context for all your AWS accounts.
How to Secure Kubernetes (on the) Right
A detailed look at why runtime insights are needed to secure Kubernetes.
