Back to all posts
Research

Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations

Remote Code Execution (RCE) in CUPS via ‘cups-browsed’ CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]

Research

Google Issues Emergency Patch for Chrome Zero-Day (CVE-2024-7965)

Overview On July 30, 2024, a critical zero-day vulnerability (CVE-2024-7965) was discovered in Google Chrome’s V8 JavaScript engine. Google swiftly responded with an emergency patch after confirming that this flaw was being actively exploited in the wild. On August 26, 2024, Google released a new Chrome version addressing this issue that all Chrome users should […]

Research

Understanding Kubernetes Identities Part 2: Escalation Paths

In Kubernetes, understanding identity escalation paths is crucial for managing security risks effectively. This blog post delves into defining highly privileged identities and exploring potential privilege escalation paths using highly privileged permissions. Definition of a Highly Privileged Identity in Kubernetes In Kubernetes, a highly privileged identity refers to entities such as users or service accounts […]

Research

Understanding File-Based Attacks

File-based attacks are a growing concern in cybersecurity. These attacks involve tampering with files to gain unauthorized access, steal information, or cover up malicious activities. In this post, we’ll break down what file-based attacks are, look at some real-world examples, and walk through a typical attack scenario. What Are File-Based Attacks? File-based attacks exploit how […]

Research

Understanding Kubernetes Identities, Part 1

When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks. In our latest research, we have explored what Kubernetes identities are, the default identities, the permissions they can have, how to configure these […]

Research

regreSSHion: RCE in OpenSSH’s Server on glibc-based Linux Systems (CVE-2024-6387)

OpenSSH is widely known for managing secure shell connections (SSH). However, a recently discovered vulnerability in OpenSSH’s server (sshd), known as regreSSHion, has been identified. If a client does not authenticate within the LoginGraceTime (120 seconds by default, 600 seconds in older versions), sshd’s SIGALRM handler is called asynchronously. This signal handler calls functions that […]

Research

Deep Dive: CVE-2024-37902 and Potential Impact on DeepJavaLibrary Users

AWS announced today, June 17, that there is a potential security issue with archive extraction utilities in DeepJavaLibrary versions 0.1.0 through 0.27.0 that could allow an attacker to tamper with your system. What is DeepJavaLibrary? DJL is a free, open-source library by AWS used for building deep learning models in Java. It provides easy-to-use tools […]

Research

How Attackers Use Kubernetes for Reconnaissance

There has been a notable increase in Kubernetes-focused attacks in recent years with the growing adoption of Kubernetes in production environments. According to various reports from cybersecurity firms, Kubernetes vulnerabilities and misconfigurations have become a prime target for attackers, with a significant rise in the number of reported incidents. This highlights the importance of robust […]

Add the Upwind RSS Feed to Slack

Connect the Upwind RSS Feed to your Slack.
Follow the how-to here.