Blog Archives | Page 105 of 127

FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer

Discovered Vulnerabilities

FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer

The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer

Roee Sagi Lidor Ben Shitrit

Oct 19, 2022

Multi-Cloud API Security With Continuous Visibility and Risk Management

Orca Platform

Multi-Cloud API Security With Continuous Visibility and Risk Management

We are very excited to announce that the Orca Cloud Security Platform now includes the industry’s first fully agentless API...

Shai Alon Jason Silberman

Oct 18, 2022

Cloud Risk Encyclopedia Q3 Update: A Useful Resource for Kubernetes Security Risks and Best Practices

Research

Cloud Risk Encyclopedia Q3 Update: A Useful Resource for Kubernetes Security Risks and Best Practices

Orca has published a new update on Kubernetes security to the Cloud Risk Encyclopedia (CRE), a public resource featuring cloud...

Jason Silberman Yonatan Broder

Oct 13, 2022

Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)

Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)

Basic statement logging can be provided by the standard logging facility with log_statement = all. This is acceptable for monitoring...

Orca Security

Oct 11, 2022

AWS EC2 instance allows public ingress access on Oracle port 1521

AWS EC2 instance allows public ingress access on Oracle port 1521

Oracle TNS(Transparent Network Substrate) port - 1521 is used by Oracle client to connect to the database server over Oracle...

Orca Security

Oct 11, 2022

AWS EC2 instance allows public ingress access on Redis port 6379

AWS EC2 instance allows public ingress access on Redis port 6379

Redis is a caching service to store application related information which is sensitive and confidential. Allowing inbound traffic from external...

Orca Security

Oct 11, 2022

Cloud function without HTTPS Trigger

GCP cloud function {GcpCloudFunction} was detected running without HTTPS trigger, allowing unauthenticated invocation by default.

Orca Security

Oct 11, 2022

AWS EC2 instance allows public ingress access on LDAP port 389

AWS EC2 instance allows public ingress access on LDAP port 389

LDAP (Lightweight Directory Access Protocol) is used to connect to directory services for user authentication and retrieval. Allowing Inbound traffic...

Orca Security

Oct 11, 2022

Asset Configuration

The asset {asset_name} ({asset_id}) is configured to use instance metadata service version 1 and 2 (Metadata_HttpToken = {Metadata_HttpTokens}, not enforcing...

Orca Security

Oct 11, 2022

Blog

FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer

Multi-Cloud API Security With Continuous Visibility and Risk Management

Cloud Risk Encyclopedia Q3 Update: A Useful Resource for Kubernetes Security Risks and Best Practices

Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)

AWS EC2 instance allows public ingress access on Oracle port 1521

AWS EC2 instance allows public ingress access on Redis port 6379

Cloud function without HTTPS Trigger

AWS EC2 instance allows public ingress access on LDAP port 389

Asset Configuration

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons