Research
Key Security Capabilities in Kubernetes
Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...
Blog
Alicloud OSS Bucket without Access Logging
Alibaba Cloud OSS (Object Storage Service) provides storage service to your files and data in the account. The files are...
Alicloud OSS Bucket is Public
Alibaba Cloud OSS (Object Storage Service) provides storage service to your files and data in the account. The files are...
Research
Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions
The ‘Google Cloud Platform Storage Explorer’ tool crawls all of your Google Cloud projects and detects which have access to...
Research
Blog: The Orca Security 2022 Cloud Security Alert Fatigue Report
The 2022 Cloud Security Alert Fatigue Report discusses the scale of the cybersecurity alert fatigue problem, its causes and impacts,...
‘Orca Watch’ Series
Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives
The Orca Security Research Pod has been actively tracking cyber attacks leading up to and occurring as part of Russia’s...
‘Orca Watch’ Series
CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability
A new critical Linux privilege escalation vulnerability was published under the ID CVE-2022-0847, named “Dirty Pipe.”
Orca Platform
Enhancing the Orca Security Risk Dashboard With an Integrated News Feed
This newest widget is called “From the News” and consists of a news feed of articles in a scrolling format.
Discovered Vulnerabilities
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service
AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the...
