Research Pod Archives | Page 4 of 9

Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability

Orca Platform

Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability

On June 6th, researchers from Shadowserver, a nonprofit security organization, discovered a heavily exploited vulnerability in PHP servers running on...

Yonatan Yosef

Jun 13, 2024

2024 Cloud Security Strategies Report Reveals Resource Constraints and Lack of Visibility as the Biggest Challenges

Research

2024 Cloud Security Strategies Report Reveals Resource Constraints and Lack of Visibility as the Biggest Challenges

Orca Security has released the 2023 & 2024 Cloud Security Strategies Report, which reveals key insights from senior executives about...

Todd Stansfield

May 28, 2024

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Discovered Vulnerabilities

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Table of contentsExecutive Summary:What are Azure, Gcloud and AWS CLI?Exposure of Serverless environment variablesAWS CLI LeakageGcloud CLI LeakageExploitation Proof of...

Roi Nisimi

Apr 16, 2024

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Technical Deep Dives

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Table of contentsBuilding the vulnerable scenariosScenario 1: Web application vulnerabilityScenario 2: CI/CD server vulnerabilityAutomated vulnerability detection using Nuclei templatesScenario 1:...

Ofir Yakobi

Apr 03, 2024

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

‘Orca Watch’ Series

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux...

Bar Kaduri

Mar 30, 2024

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

‘Orca Watch’ Series

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

With 84% of vulnerable and exposed TeamCity servers likely already compromised, the recent issue in JetBrains’ TeamCity illustrates how a...

Ofir Yakobi Neil Carpenter

Mar 20, 2024

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

‘Orca Watch’ Series

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

Recently, the US National Security Agency (NSA) joined United Kingdom’s National Cyber Security Center (NCSC) in releasing an advisory detailing...

Shir Sadon Neil Carpenter

Mar 14, 2024

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

‘Orca Watch’ Series

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

Orca Security has released the 2024 State of Cloud Security Report, which leverages unique insights into cloud risks captured by...

Shir Sadon Deborah Galea

Feb 27, 2024

Detecting Malicious Actors By Observing Commands in Shell History

Technical Deep Dives

Detecting Malicious Actors By Observing Commands in Shell History

Among the myriad techniques and tools at the disposal of cybersecurity experts, one subtle yet powerful method often goes unnoticed:...

Shir Sadon

Feb 21, 2024

Research Pod

Critical CVE-2024-4577: PHP CGI Argument Injection Vulnerability

2024 Cloud Security Strategies Report Reveals Resource Constraints and Lack of Visibility as the Biggest Challenges

LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs

Leveraging Nuclei Templates to Identify Risks and Threats in Critical Cloud Applications

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

POC and Explanation of Critical TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)

Breaking Down APT29’s Latest Tactics and How to Defend Against Them

2024 State of Cloud Security Report Shows That More Risk Prioritization is Needed

Detecting Malicious Actors By Observing Commands in Shell History

See Orca Security in Action

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons