Azure virtual machine allows direct SMB access from the Internet
Server Message Block (SMB) is a communication protocol intended to provide shared access to files on a network of systems....
Blog
Compute Instance with Default Service Account
The Compute Engine default service account is created with the primitive editor role within the project scope. These roles are...
Lambda function shares its IAM role
AWS lambda function {AwsLambdaFunction} does not follow the principle of least privilege, and shares its IAM role with another function.
IAM Role with Administrative Privileges
Orca has detected that the role {AwsIamRole} was granted full administrative privileges on the account. These privileges grant them the...
Azure Storage Account without private endpoint and firewall configured
In the storage account creation process, there are three connectivity methods: Public for all networks, Public for specified networks or...
Kubernetes API server publicly accessible
The API server of {GcpGkeCluster} is publicly accessible from anywhere on the internet. This leaves the Kubernetes API server exposed...
AWS Dynamodb table with provisioned capacity mode and disabled read/write autoscaling
It was detected that the read/write autoscaling of DynamoDB table ({AwsDynamodbTable}) is disabled. Amazon DynamoDB auto scaling uses the AWS...
Orca Platform
API Security: Expanding Coverage to Better Identify External API Exposure
API Security has risen to the top of the priorities list for CISOs and security teams. As misconfigured APIs have...
