Research Pod Archives | Page 12 of 14

Infrastructure as Code: Common Security Risks and How to Prevent Them

Research

Infrastructure as Code: Common Security Risks and How to Prevent Them

Check out this Orca Security article that outlines infrastructure as code (IaC) security risks and offers recommended methods for protecting...

Roy Aviram

Aug 16, 2022

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Discovered Vulnerabilities

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Recently, the Orca Security research team discovered SynLapse, a tenant separation violation vulnerability in the Microsoft Azure Synapse environment.

Tzah Pahima

Jun 14, 2022

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

‘Orca Watch’ Series

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

A threat actor recently hacked a popular PyPi repo on GitHub, setting off a supply chain attack that could have...

Lidor Ben Shitrit

Jun 13, 2022

Security Advisory: Insufficient Tenant Separation in Azure Synapse Service

Discovered Vulnerabilities

Security Advisory: Insufficient Tenant Separation in Azure Synapse Service

This security advisory addresses a tenant separation issue in the Microsoft Azure Synapse service.

Avi Shua

May 09, 2022

Open Source Package Risks in Cloud Environments and How It Relates to the Russian-Ukrainian Conflict

‘Orca Watch’ Series

Open Source Package Risks in Cloud Environments and How It Relates to the Russian-Ukrainian Conflict

Protestware malicious code found in NPM package node-ipc in Russia / Belarus, overwriting entire file systems with heart emojis to...

Lidor Ben Shitrit

Apr 27, 2022

GCP Organization Policies: Governing Your Inheritance

Google Cloud

GCP Organization Policies: Governing Your Inheritance

A GCP Organization is the top node of the permissions hierarchy, making policies defined at this level powerful, automatically applying...

Tohar Braun

Apr 20, 2022

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

‘Orca Watch’ Series

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

Orca researcher Lidor Ben Shitrit reveals how Log4 shell TTPs in an AWS cloud environment can be used to open...

Lidor Ben Shitrit

Apr 13, 2022

CVE-2018-25032: Zlib Memory Corruption Vulnerability

‘Orca Watch’ Series

CVE-2018-25032: Zlib Memory Corruption Vulnerability

On March 25, 2022, a PoC was published for the 4-year old CVE-2018-25032 in Zlib open source software that everyone...

Tohar Braun

Mar 29, 2022

BreakingFormation: Technical Vulnerability Walkthrough

Discovered Vulnerabilities

BreakingFormation: Technical Vulnerability Walkthrough

BreakingFormation is an XML External Entity (XXE) vulnerability found in AWS CloudFormation that led to local file disclosure, directory listing,...

Tzah Pahima

Mar 28, 2022

Research Pod

Infrastructure as Code: Common Security Risks and How to Prevent Them

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

Supply Chain Attack: CTX Account Takeover and PHPass Hijack Explained

Security Advisory: Insufficient Tenant Separation in Azure Synapse Service

Open Source Package Risks in Cloud Environments and How It Relates to the Russian-Ukrainian Conflict

GCP Organization Policies: Governing Your Inheritance

Unfolding the Log4j Security Vulnerability and Log4shell TTPs in AWS

CVE-2018-25032: Zlib Memory Corruption Vulnerability

BreakingFormation: Technical Vulnerability Walkthrough

See Orca Security in Action

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons