Cloud Security Insights
Experts Advise What NOT to do in your Cloud Security and Compliance Program in 2022
Orca Security asked CEOs, CISOs, and other cyber security leaders across a variety of industries for their advice on how...
Blog
Research
Azure AD & IAM (Part III) – Leveraging Managed Identities for Privilege Escalation
In the third part of the Orca Security blog post series about Azure AD and IAM, Roee shares research on...
Research
Instantly Detect Log4j Vulnerabilities on AWS, Azure and Google Cloud
Update as of December 28, 2021: A new remote code execution (RCE) flaw has been discovered in Log4j 2.17.0, tracked...
Cloud Security Insights
Expert Roundup: What Are the Best Cloud Compliance Strategies for 2022?
Orca Security roundup of Cybersecurity Leaders and Experts: Where should organizations focus their cloud compliance strategies in 2022?
Cloud Security Insights
Expert Roundup: How to Respond to Log4Shell
Have you and your security team been working weekends and long days to remediate Log4j2 vulnerabilities? With new Log4j vulnerabilities...
Research
Azure AD & IAM (Part II) – Leveraging Managed Identities For Privilege Escalation
Table of contentsWhat are managed identities?Getting a managed identity access tokenThe known privilege escalation methodMy research objectivesEscalation to managed identities’...
Network security group flow log retention period is less than 90 days or disabled
Logs can be used to check for anomalies and give insight into suspected breaches. Flow logs on network watcher {AzureNetworkFlowLog}...
Amazon Web Services
AWS re:Invent 2021 Recap: Cloud Security at the PagerDuty Theater
Orca Security presented "Invisible Security at the Speed of Cloud" at AWS Re:Invent 2021. Here’s a recap of what we...
Research
Google Cloud Platform IAM
Google’s approach to Identity and Access Management is relatively the most straightforward among the three major cloud providers.
