Kubernetes Dashboard: Features, Security Concerns, and Best Practices
The Kubernetes Dashboard is a popular web-based interface designed to simplify the management of Kubernetes clusters. It provides an intuitive UI that allows users to view and manage cluster resources without needing to work directly with command-line tools. However, while convenient, the Kubernetes Dashboard also presents specific security risks that should be carefully managed, especially […]
Critical Kubernetes gitRepo Volume Vulnerability: CVE-2024-10220
A critical security vulnerability identified as CVE-2024-10220 has been discovered in Kubernetes’ deprecated gitRepo volume type. This vulnerability allows attackers with permissions to create pods using gitRepo volumes to execute arbitrary commands on the host node with root privileges, potentially leading to full system compromise. The gitRepo volume type was designed to clone Git repositories […]
Get Comprehensive Protection for Container-Optimized OS with Upwind
We are excited to announce an addition to Upwind’s comprehensive container security, with support for Container-Optimized OS. What is Container-Optimized OS? Container-Optimized OS is a Google Cloud operating system image and the default node OS image in Google Kubernetes Engine (GKE). It is primarily used for Compute Engine VMs and is optimized for running […]
Understanding Kubernetes Identities Part 2: Escalation Paths
In Kubernetes, understanding identity escalation paths is crucial for managing security risks effectively. This blog post delves into defining highly privileged identities and exploring potential privilege escalation paths using highly privileged permissions. Definition of a Highly Privileged Identity in Kubernetes In Kubernetes, a highly privileged identity refers to entities such as users or service accounts […]
Proactively Secure Your Kubernetes With Upwind’s Vulnerability Management
Upwind’s runtime vulnerability management leverages real-time, runtime insights and correlates them with CI/CD and DevOps context, giving you end-to-end visibility and protection for Kubernetes and associated workloads. Upwind’s vulnerability management intelligently prioritizes your most critical vulnerabilities based on real environmental factors, cutting out around 95% of alert noise to focus on the risks that pose […]
Understanding Kubernetes Identities, Part 1
When it comes to Kubernetes, managing identities is pivotal for ensuring secure and efficient cluster operations. These identities can be human users or machines, each requiring specific permissions to perform their tasks. In our latest research, we have explored what Kubernetes identities are, the default identities, the permissions they can have, how to configure these […]
Detect Exposed Kubernetes Dashboards
We are excited to announce a new threat detection, with the ability to identify an exposed Kubernetes Dashboard. This threat detection will inform you when the Kubernetes dashboard for your cluster is exposed to the internet by a Load Balancer. Exposing your dashboard to the internet makes the management interface of your cluster vulnerable to […]
Streamline Container Runtime Security with CRI-O Support
We are excited to announce support for CRI-O (Container Runtime Interface – Orchestrator). CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) to enable using Open Container Initiative (OCI) compatible runtimes, making integration between Kubernetes and container runtimes lightweight & seamless. Upwind’s eBPF sensor will now support CRI-O users, in addition to our […]
Ensure Seamless Hybrid-Cloud Security with Support for OpenShift Container Platform
We are excited to introduce support for Red Hat OpenShift in the Cloud or On-Premises. Runtime Security for Red Hat OpenShift Red Hat OpenShift Container Platform is a hybrid-cloud PaaS built around Linux containers, orchestrated and managed by Kubernetes with a Red Hat Enterprise Linux foundation. With this new capability, you can now seamlessly protect […]
How to Secure Kubernetes (on the) Right
A detailed look at why runtime insights are needed to secure Kubernetes.