K8S API server configuration contains insecure bind address
It was found that the API server contains an insecure bind address. Setting an insecure bind address allows anyone to...
All articles by Orca Security
FileStore not encrypted using customer-managed encryption keys (CMEK)
Filestore instances are fully managed NFS file servers on Google Cloud for use with applications running on Compute Engine virtual...
DNSSEC is disabled for Cloud DNS
Domain Name System Security Extensions (DNSSEC) in Cloud DNS enables domain owners to take easy steps to protect their domains...
Weak algorithm used for zone-signing key in Cloud DNS DNSSEC
DNSSEC algorithm numbers in this registry may be used in CERT RRs. Zone signing (DNSSEC) and transaction security mechanisms (SIG(0)...
Load Balancer with weak cipher suites
Secure Sockets Layer (SSL) policies determine what port Transport Layer Security (TLS) features clients are permitted to use when connecting...
Unencrypted S3 Bucket
Amazon S3 provides a variety of no, or low, cost encryption options to protect data at rest. Encrypting data at...
AWS S3 Bucket Without “”MFA Delete”” Enabled
Using MFA-protected S3 buckets will enable an extra layer of protection to ensure that the S3 objects (files) cannot be...
DynamoDB table has point in time recovery disabled
DynamoDB table {AwsDynamodbTable} does not have point in time recovery enabled. Point in time recovery enables automatic backups of the...
Managed disk is not encrypted with CMK.
{AzureDisk} is not encrypted with customer managed key (CMK). Encrypting managed disks ensures that the entire content is fully unrecoverable...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.