Orca Platform
Cloud Attack Path Analysis: Work Smarter Not Harder
Cloud Attack Path Analysis is the automatic identification of risk combinations that create dangerous attack paths that can be exploited...
Blog
CISO Corner
Drop the SBOM (Software Bill of Materials)
Although an internal SBOM (Software Bill of Materials) is valuable, you owe it to yourself to avoid making it externally...
‘Orca Watch’ Series
CVE-2018-25032: Zlib Memory Corruption Vulnerability
On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...
Discovered Vulnerabilities
BreakingFormation: Technical Vulnerability Walkthrough
BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...
Research
The Expansion of Malware to the Cloud
Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.
Orca Platform
Cloud Host Security: Protecting Running and Stopped VMs
This blog post provides a comprehensive overview of why you need cloud VM security, for both running and stopped VMs,...
Research
Key Security Capabilities in Kubernetes
Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...
Alicloud OSS Bucket without Access Logging
Alibaba Cloud OSS (Object Storage Service) provides storage service to your files and data in the account. The files are...
Alicloud OSS Bucket is Public
Alibaba Cloud OSS (Object Storage Service) provides storage service to your files and data in the account. The files are...