Research
Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions
The ‘Google Cloud Platform Storage Explorer’ tool crawls all of your Google Cloud projects and detects which have access to...
Blog
Research
Blog: The Orca Security 2022 Cloud Security Alert Fatigue Report
The 2022 Cloud Security Alert Fatigue Report discusses the scale of the cybersecurity alert fatigue problem, its causes and impacts,...
‘Orca Watch’ Series
Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives
The Orca Security Research Pod has been actively tracking cyber attacks leading up to and occurring as part of Russia’s...
‘Orca Watch’ Series
CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability
A new critical Linux privilege escalation vulnerability was published under the ID CVE-2022-0847, named “Dirty Pipe.”
Orca Platform
Enhancing the Orca Security Risk Dashboard With an Integrated News Feed
This newest widget is called “From the News” and consists of a news feed of articles in a scrolling format.
Discovered Vulnerabilities
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the...
Research
Lateral Movement in Google Cloud: Abusing the Infamous Default Service Account Misconfiguration
How a malicious actor can conduct lateral movement in Google Cloud across compute engine instances using the default service account.
Orca Platform
Orca Security Score: Benchmark Your Cloud Security Posture
The Orca Security Score enables you to assess and monitor your cloud security posture.
Orca Platform
CIEM: Beyond Identity Hygiene – Prioritized Identity Risks
CIEM Mantra: 1) identity hygiene, 2) detecting deviation from best practices, and 3) using identity data to understand/prioritize risks in...
