Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...
Today, at BlueHat IL 2023, we proudly announced our discovery of a new vulnerability in Azure, which we've dubbed 'Super...
As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...
Here at Orca Security, our team of cloud researchers are continually pushing the cloud security limits to ensure that we...
We're excited to announce the release of our new free community cloud security tool IAM AWS Policy Evaluator (IAM APE),...
Wait, did you say ‘Cross-Cloud Provider Attacks’? Yes, this is actually a growing type of attack path: As organizations increasingly...
Cloud storage buckets, such as Amazon S3 Buckets, Azure Blob storage and GCP storage buckets, are a popular storage solution...
As more organizations adopt containerized infrastructure, the need for effective security practices becomes increasingly important. Recently released by the OWASP...
Elastic IPs (EIPs) are public and static IPv4 addresses provided by AWS. EIPs can be viewed as a pool of...
In this blog we describe how we uncovered an important Server-Side Request Forgery (SSRF) Vulnerability on Azure API Management Service,...
In this blog we describe how we uncovered an SSRF Vulnerability in the Azure Machine Learning service, allowing any authenticated...
In this blog we describe how we uncovered an SSRF Vulnerability in Azure Functions allowing any unauthenticated user to request...