‘Orca Watch’ Series
Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS
Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open...
Blog
Orca Platform
Kubernetes Hardening Guide: A Perfect Complement to the CIS Kubernetes Benchmarks
This Kubernetes Hardening Guide addresses security challenges and suggests hardening strategies for four major areas of Kubernetes security.
‘Orca Watch’ Series
Spring4Shell CVE 2022-22965 versus CVE-2022-22963: What’s The Difference?
Learn about the differences between the two vulnerabilities and which one you need to be more concerned about (spoiler alert:...
Orca Platform
Cloud Attack Path Analysis: Work Smarter Not Harder
Cloud Attack Path Analysis is the automatic identification of risk combinations that create dangerous attack paths that can be exploited...
CISO Corner
Drop the SBOM (Software Bill of Materials)
Although an internal SBOM (Software Bill of Materials) is valuable, you owe it to yourself to avoid making it externally...
‘Orca Watch’ Series
CVE-2018-25032: Zlib Memory Corruption Vulnerability
On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...
Discovered Vulnerabilities
BreakingFormation: Technical Vulnerability Walkthrough
BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...
Research
The Expansion of Malware to the Cloud
Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.
Orca Platform
Cloud Host Security: Protecting Running and Stopped VMs
This blog post provides a comprehensive overview of why you need cloud VM security, for both running and stopped VMs,...
