Research Pod

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Discovered Vulnerabilities

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...

Jun 14, 2023

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

Research

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...

May 09, 2023

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Discovered Vulnerabilities

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

Today, at BlueHat IL 2023, we proudly announced our discovery of a new vulnerability in Azure, which we've dubbed 'Super...

Mar 30, 2023

The Top 5 Cloud Security Risks of 2023 (so far)

‘Orca Watch’ Series

The Top 5 Cloud Security Risks of 2023 (so far)

As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...

May 18, 2023

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

Discovered Vulnerabilities

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

The Orca Research Pod has uncovered a dangerous loophole in Google Kubernetes Engine (GKE) that could allow an attacker with...

Jan 24, 2024

The Biggest Cloud Security Threats to Watch Out for in 2024

‘Orca Watch’ Series

The Biggest Cloud Security Threats to Watch Out for in 2024

It’s hard to believe that 2023 is nearing its end. As we look ahead to 2024, the Orca Research Pod...

Dec 27, 2023

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

Discovered Vulnerabilities

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

The Orca Research Pod has made an important discovery that puts Google Cloud Dataproc clusters at risk for data theft,...

Dec 12, 2023

The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

Research

The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

The highly anticipated Common Vulnerability Scoring System (CVSS) version 4 is planned to be released on October 31st by the...

Oct 24, 2023

Meet Orca Security Cloud Threat Researcher Lidor B.

Research

Meet Orca Security Cloud Threat Researcher Lidor B.

Fun Facts About Lidor Beverage of choice: Coffee or soda Go-to snack: Any kind of chocolate Hobbies (Present and Past):...

Oct 03, 2023

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

Discovered Vulnerabilities

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

The Orca Research Pod recently discovered a total of 8 important Cross-Site Scripting (XSS) vulnerabilities within various Apache services on...

Sep 13, 2023

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

Research

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...

Aug 28, 2023

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Discovered Vulnerabilities

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...

Jul 18, 2023

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

Research

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

Although it’s always preferable to prevent security incidents before they occur, it’s only a matter of time before an attacker...

Jul 18, 2023

1 2 3 4 … 6

Research Pod

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

The Top 5 Cloud Security Risks of 2023 (so far)

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

The Biggest Cloud Security Threats to Watch Out for in 2024

Unauthenticated Access to GCP Dataproc Can Lead to Data Leak

The Great CVSS Bake Off: Testing How CVSS v4 Performs Versus v3

Meet Orca Security Cloud Threat Researcher Lidor B.

Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services

Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited

Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack

Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons