Research Pod

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Discovered Vulnerabilities

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...

Jun 14, 2023

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

Research

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...

May 09, 2023

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Discovered Vulnerabilities

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Today, at BlueHat IL 2023, we proudly announced our discovery of a new vulnerability in Azure, which we've dubbed 'Super...

Mar 30, 2023

The Top 5 Cloud Security Risks of 2023 (so far)

‘Orca Watch’ Series

The Top 5 Cloud Security Risks of 2023 (so far)

As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...

May 18, 2023

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

Discovered Vulnerabilities

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

The Orca Research Pod recently discovered a total of 8 important Cross-Site Scripting (XSS) vulnerabilities within various Apache services on...

Sep 13, 2023

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

Research

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...

Aug 28, 2023

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Research

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...

Jul 18, 2023

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

Research

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

Although it’s always preferable to prevent security incidents before they occur, it’s only a matter of time before an attacker...

Jul 18, 2023

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

‘Orca Watch’ Series

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

The state of cloud security is a dynamic and ever-evolving landscape, as both attackers and defenders continuously adapt their tactics...

Jun 20, 2023

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Discovered Vulnerabilities

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Here at Orca Security, our team of cloud researchers are continually pushing the cloud security limits to ensure that we...

Apr 11, 2023

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Amazon Web Services (AWS)

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

We're excited to announce the release of our new free community cloud security tool IAM AWS Policy Evaluator (IAM APE),...

Mar 09, 2023

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

‘Orca Watch’ Series

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

Wait, did you say ‘Cross-Cloud Provider Attacks’? Yes, this is actually a growing type of attack path: As organizations increasingly...

Mar 08, 2023

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.

Research Pod

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

The Top 5 Cloud Security Risks of 2023 (so far)

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys

Meet IAM APE: An Open Source Tool to Simplify AWS IAM Policy Management

Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS