All articles by Orca Security

Network security group flow log retention period is less than 90 days or disabled

Network security group flow log retention period is less than 90 days or disabled

Logs can be used to check for anomalies and give insight into suspected breaches. Flow logs on network watcher {AzureNetworkFlowLog}...

Dec 16, 2021

Sensitive AWS Keys on System

Sensitive AWS Keys on System

Nov 15, 2021

Password in Shell History

Password in Shell History

Nov 15, 2021

Sensitive Data in File

Sensitive Data in File

Nov 03, 2021

Sensitive Info in Git Repository

Sensitive Info in Git Repository

Nov 02, 2021

Weak Host Password

Weak Host Password

Nov 01, 2021

Non-Corporate Authentication Key

Non-Corporate Authentication Key

The SSH authorized_keys file contains the following non-corporate account keys: 'xxx@gmail.com', 'xxx@yahoo.com'. Illegitimately added keys usually have non-corporate usernames and...

Nov 01, 2021

Lambda Function Exposes AWS Secret

Lambda Function Exposes AWS Secret

AWS lambda function {AwsLambdaFunction} was detected with environment variables exposing AWS access key or secret.

Nov 01, 2021

Service Account with Administrative Privileges within Project Scope

Service Account with Administrative Privileges within Project Scope

Administrative permissions ({PolicyBindings.Role}) have been granted to the Service Account {GcpIamServiceAccount} at the project level; these rights allow the User...

Nov 01, 2021

1 … 60 61 62 63 64