Discovered Vulnerabilities
CosMiss: Azure Cosmos DB Notebook Remote Code Execution Vulnerability
The Orca Research Pod has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from...
Blog
‘Orca Watch’ Series
Prepare to Patch Critical OpenSSL Vulnerability
This blog provides recommendations for patching the OpenSSL vulnerability and specifics for how you can detect vulnerable OpenSSL packages in...
Orca Platform
Orca Cloud Security Platform Achieves FedRAMP Ready Status
The Orca Security Platform has the capability to provide US federal agencies and contractors with a fully agentless cloud security...
Orca Platform
Manage Cloud Security Risks with Auto-Remediation
Orca's Auto-Remediation solution improves your security posture and compliance requirements.
Discovered Vulnerabilities
FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
The Orca Research Pod has discovered FabriXss, a vulnerability in Azure Service Fabric Explorer
Orca Platform
Multi-Cloud API Security With Continuous Visibility and Risk Management
We are very excited to announce that the Orca Cloud Security Platform now includes the industry’s first fully agentless API...
Research
Cloud Risk Encyclopedia Q3 Update: A Useful Resource for Kubernetes Security Risks and Best Practices
Orca has published a new update on Kubernetes security to the Cloud Risk Encyclopedia (CRE), a public resource featuring cloud...
Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)
Basic statement logging can be provided by the standard logging facility with log_statement = all. This is acceptable for monitoring...
AWS EC2 instance allows public ingress access on Oracle port 1521
Oracle TNS(Transparent Network Substrate) port - 1521 is used by Oracle client to connect to the database server over Oracle...