Research
Beware the Azure Guest User: How to Detect When a Guest User Account Is Being Exploited
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. Often,...
Research Pod
Discovered Vulnerabilities
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack
Bad.Build is a critical design flaw discovered by the Orca Research Pod in the Google Cloud Build service that enables...
Research
Using AI to Detect Cloud Anomalies: A Supply Chain Attack Example
Although it’s always preferable to prevent security incidents before they occur, it’s only a matter of time before an attacker...
‘Orca Watch’ Series
2023 Honeypotting in the Cloud Report: Attackers Discover and Weaponize Exposed Cloud Assets and Secrets in Minutes
The state of cloud security is a dynamic and ever-evolving landscape, as both attackers and defenders continuously adapt their tactics...
Discovered Vulnerabilities
Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames
Microsoft Azure offers a diverse range of services that empower organizations with convenient and scalable cloud infrastructure solutions. However, even...
‘Orca Watch’ Series
The Top 5 Cloud Security Risks of 2023 (so far)
As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks...
Research
Dependency Confusion Supply Chain Attacks: 49% of Organizations Are Vulnerable
In recent years, supply chain attacks targeting software developers and suppliers have become increasingly common. The primary objective of these...
Discovered Vulnerabilities
From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys
Here at Orca Security, our team of cloud researchers are continually pushing the cloud security limits to ensure that we...
Discovered Vulnerabilities
Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)
Today, at BlueHat IL 2023, we proudly announced our discovery of a new vulnerability in Azure, which we've dubbed 'Super...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.