Research Pod Archives | Page 11 of 12

GCP Organization Policies: Governing Your Inheritance

Google Cloud

GCP Organization Policies: Governing Your Inheritance

A GCP Organization is the top node of the permissions hierarchy, making policies defined at this level powerful, automatically applying...

Tohar Braun

Apr 20, 2022

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

‘Orca Watch’ Series

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open...

Lidor Ben Shitrit

Apr 13, 2022

CVE-2018-25032: Zlib Memory Corruption Vulnerability

‘Orca Watch’ Series

CVE-2018-25032: Zlib Memory Corruption Vulnerability

On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...

Tohar Braun

Mar 29, 2022

BreakingFormation: Technical Vulnerability Walkthrough

Discovered Vulnerabilities

BreakingFormation: Technical Vulnerability Walkthrough

BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...

Tzah Pahima

Mar 28, 2022

Research

The Expansion of Malware to the Cloud

Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.

Bar Kaduri

Mar 24, 2022

Research

Key Security Capabilities in Kubernetes

Kubernetes was designed for functionality, not security, but it does include several key settings and policies. Learn more about Kubernetes...

Yonatan Broder

Mar 18, 2022

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

Research

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

The ‘Google Cloud Platform Storage Explorer’ tool crawls all of your Google Cloud projects and detects which have access to...

Liat Vaknin

Mar 17, 2022

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

‘Orca Watch’ Series

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

The Orca Security Research Pod has been actively tracking cyber attacks leading up to and occurring as part of Russia’s...

Bar Kaduri

Mar 11, 2022

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

‘Orca Watch’ Series

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

A new critical Linux privilege escalation vulnerability was published under the ID CVE-2022-0847, named “Dirty Pipe.”

Roy Aviram Bar Kaduri

Mar 10, 2022

Research Pod

GCP Organization Policies: Governing Your Inheritance

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

CVE-2018-25032: Zlib Memory Corruption Vulnerability

BreakingFormation: Technical Vulnerability Walkthrough

The Expansion of Malware to the Cloud

Key Security Capabilities in Kubernetes

Google Cloud Storage Explorer: Enumerating Google Cloud’s Bucket Access Permissions

Cyber Attacks in Russia’s Invasion of Ukraine: Orca Security Research Pod Perspectives

CVE-2022-0847: Linux Dirty Pipe Local Privilege Escalation Vulnerability

See Orca Security in Action

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons