Overview Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]

This year has been one of market penetration, expansion and innovation for Upwind. From exiting stealth in September 2023 to a little more than a year later, we expanded our global presence with offices in the UK, Iceland, Israel and the US, held a Series A, maintained a robust schedule of product innovation, and had […]

The Kubernetes Dashboard is a popular web-based interface designed to simplify the management of Kubernetes clusters. It provides an intuitive UI that allows users to view and manage cluster resources without needing to work directly with command-line tools. However, while convenient, the Kubernetes Dashboard also presents specific security risks that should be carefully managed, especially […]

As a part of Upwind’s runtime-powered threat detection capabilities, the Upwind Platform integrates seamlessly with AWS CloudTrail to provide real-time monitoring and detection of cloud logs. By leveraging AWS CloudTrail Logs generated at runtime, Upwind is able to provide deep runtime context and automatically alert you to suspicious or malicious log events. What is CloudTrail? […]

It has been a big week for Upwind here at AWS re:Invent 2024!  Our team has been on the ground in Las Vegas, Nevada this week for AWS’s largest annual conference. Here’s a quick look at what we’ve been up to. Monday, December 2. We announced our $100 million Series A, which was featured in […]

Today, we’re thrilled to introduce Upwind Shift Left – a major new capability in the Upwind platform that brings the power of runtime intelligence to CI/CD pipelines, transforming how teams secure their software at every step. By marrying real-world runtime context with build-time best practices, this next-generation solution redefines shift left for modern cloud security. […]

December 4, 2024 — Upwind, the next-generation cloud security platform, announced today that the Upwind Cloud Security Platform is available as a software component in the EC2 Image Builder console of Amazon Web Services (AWS). EC2 Image Builder is a fully-managed service that simplifies the customization, testing, distribution, and lifecycle management of Amazon Machine Images […]

Customers have always been our north-star. Being “Driven By Customers” is not just a paragraph written on our Careers page – it’s the way we operate on a daily basis. It is how we hire, promote, and give each other feedback at Upwind. It is also how we build products, prioritize features, and think about […]

A critical security vulnerability identified as CVE-2024-10220 has been discovered in Kubernetes’ deprecated gitRepo volume type. This vulnerability allows attackers with permissions to create pods using gitRepo volumes to execute arbitrary commands on the host node with root privileges, potentially leading to full system compromise. The gitRepo volume type was designed to clone Git repositories […]

In this webinar, we explore common challenges that DevOps teams face and look at how Upwind’s comprehensive platform can provide the solutions you need. From real-time network visibility and infrastructure insights to powerful cost optimization tools, Upwind empowers teams to protect their cloud environments and maximize their investments. Watch this webinar recap to understand how […]