Google Cloud
GCP Organization Policies: Governing Your Inheritance
A GCP Organization is the top node of the permissions hierarchy, making policies defined at this level powerful, automatically applying...
Blog
CISO Corner
Vulnerabilities Don’t Count
No one outside the IT department cares about vulnerability metrics. They care about efficacy. And traditional stats don’t show that.
‘Orca Watch’ Series
Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS
Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open...
Orca Platform
Kubernetes Hardening Guide: A Perfect Complement to the CIS Kubernetes Benchmarks
This Kubernetes Hardening Guide addresses security challenges and suggests hardening strategies for four major areas of Kubernetes security.
‘Orca Watch’ Series
Spring4Shell CVE 2022-22965 versus CVE-2022-22963: What’s The Difference?
Learn about the differences between the two vulnerabilities and which one you need to be more concerned about (spoiler alert:...
Orca Platform
Cloud Attack Path Analysis: Work Smarter Not Harder
Cloud Attack Path Analysis is the automatic identification of risk combinations that create dangerous attack paths that can be exploited...
CISO Corner
Drop the SBOM (Software Bill of Materials)
Although an internal SBOM (Software Bill of Materials) is valuable, you owe it to yourself to avoid making it externally...
‘Orca Watch’ Series
CVE-2018-25032: Zlib Memory Corruption Vulnerability
On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...
Discovered Vulnerabilities
BreakingFormation: Technical Vulnerability Walkthrough
BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...
