‘Orca Watch’ Series
Linux Privilege Escalation Vulnerability in Polkit’s pkexec
A new critical Linux local privilege escalation vulnerability, found on Polkit's pkexec utility, was published and assigned CVE-2021-4034.
Blog
‘Orca Watch’ Series
HTTP Protocol Stack Remote Code Execution Vulnerability
On Jan. 11, 2022, an HTTP Protocol stack remote code execution security vulnerability was identified. Microsoft assigned the CVE 2022-21907...
Cloud Security Insights
Two Critical Cloud Vulnerabilities to Convince You to Move to the Cloud
The Orca Security Research Team found two zero-day vulnerabilities in AWS: Superglue and BreakingFormation. Here’s what you need to know.
Discovered Vulnerabilities
BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
Orca Security’s vulnerability researcher, Tzah Pahima, discovered a vulnerability in AWS allowing file and credential disclosure of an AWS internal...
Discovered Vulnerabilities
Superglue: Orca Security Research Team Discovers AWS Glue Vulnerability
Orca's Research Team discovered a critical vulnerability that could allow an actor to create resources and access data of AWS...
Cloud Security Insights
Experts Advise What NOT to do in your Cloud Security and Compliance Program in 2022
Orca Security asked CEOs, CISOs, and other cyber security leaders across a variety of industries for their advice on how...
Research
Azure AD & IAM (Part III) – Leveraging Managed Identities for Privilege Escalation
In the third part of the Orca Security blog post series about Azure AD and IAM, Roee shares research on...
Research
Instantly Detect Log4j Vulnerabilities on AWS, Azure and Google Cloud
Update as of December 28, 2021: A new remote code execution (RCE) flaw has been discovered in Log4j 2.17.0, tracked...
Cloud Security Insights
Expert Roundup: What Are the Best Cloud Compliance Strategies for 2022?
Orca Security roundup of Cybersecurity Leaders and Experts: Where should organizations focus their cloud compliance strategies in 2022?