All articles by Orca Security
Non-Corporate Authentication Key
The SSH authorized_keys file contains the following non-corporate account keys: '[email protected]', '[email protected]'. Illegitimately added keys usually have non-corporate usernames and...
Lambda Function Exposes AWS Secret
AWS lambda function {AwsLambdaFunction} was detected with environment variables exposing AWS access key or secret.
Service Account with Administrative Privileges within Project Scope
Administrative permissions ({PolicyBindings.Role}) have been granted to the Service Account {GcpIamServiceAccount} at the project level; these rights allow the User...
IAM User with Administrative Privileges
Orca has detected that the user {AwsUser} was granted full administrative privileges on the account. These privileges grant them the...
VM Instance Using the Default Service Account
It is recommended to configure your instance to not use the default Compute Engine service account because it has the...