Research
Elastic IP Transfer: Identifying and Mitigating Risks from a New Attack-Vector on AWS
Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...
Blog
Discovered Vulnerabilities
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
As part of the Orca Research Pod efforts, we regularly research various cloud provider services and capabilities to help our...
Discovered Vulnerabilities
Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure DigitalTwins Explorer service, allowing any unauthenticated...
Discovered Vulnerabilities
Unauthenticated SSRF Vulnerability on Azure Functions
In this blog we describe how we uncovered an SSRF Vulnerability in Azure Functions allowing any unauthenticated user to request...
Discovered Vulnerabilities
Authenticated SSRF Vulnerability on Azure API Management Service
In this blog we describe how we uncovered an important Server-Side Request Forgery (SSRF) Vulnerability on Azure API Management Service,...
Discovered Vulnerabilities
Authenticated SSRF Vulnerability on Azure Machine Learning Service
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure Machine Learning service, allowing any authenticated...
Orca Platform
Orca Announces Support for India Cloud Data Center Further Demonstrating Commitment to Multi-National and APAC organizations
In addition to supporting existing cloud data center locations in North America, Europe, and Australia, Orca Security today announced support...
Orca Platform
Use Graph Visualization to Better Explore Interconnected Cloud Risks
“Defenders think in lists. Attackers think in graphs,” is a familiar saying in cybersecurity. Sophisticated attackers perform reconnaissance to find...
Web-service unpatched
We have found that the web-service {service_detailed} on the system was not patched for several months. It is important to...